BleepingComputer.com: Unsupervised Combofix and internet is now broken


Unsupervised Combofix and internet is now broken: Had a redirect infection and used combofix without instruction

#1 FreshParadigm (Group: Members; Posts: 13; Joined: 07-January 12)

Posted 08 January 2012 - 07:19 PM

I have an HP netbook running Windows Starter (SP1), 1.66GHz, 1GB RAM, 32-bit, 12 GB HDD space.

Infection was doing a google redirect as well as initiating programs and freezing my computer. I ran combofix at one point to remove an infection that was just doing a google redirect, and that worked fine. Since this new infection, I've run combofix and it stopped the infection as best I can tell; however, the internet seems to connect, but none of the webpages load, as if there is no connection. I've also had to use "run as administrator" for initiating all programs.

I would love some help so I can avoid a reformat!


Awaiting your instruction
Chris

#2 gringo_pr (Group: Malware Response Team; Posts: 85,524; Joined: 03-July 08; Location: Puerto Rico)

Posted 10 January 2012 - 12:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and will make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


information and logs:

    In your next post I need the following

    • logs from DDS
    • let me know of any problems you may have had


Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#3 FreshParadigm (Group: Members; Posts: 13; Joined: 07-January 12)

Posted 11 January 2012 - 02:46 PM

Thank you for working with me Gringo.

First, I would like you to know that I have two laptops: one with which I am communicating with you, as well as downloading these tools onto; the other is my infected/broken netbook that I am attempting to fix. I am using a flash drive to transfer the tool .exe files over so that I can run them on there.

1)DeFogger ran successfully
2)I attempted to 'disable' Avira Free Antivirus, however I could only find an option to turn 'real time protection' set to inactive.
3)DDS ran successfully

LOGS:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Gunner at 13:39:43 on 2012-01-11
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.477 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\gunner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\052796E63656F534F6E64796F584F64756C6F575966496F50313 : DhcpNameServer = 10.10.10.1
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\4416973794E6E623 : DhcpNameServer = 68.11.16.30 68.1.208.130 4.2.2.2
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\55F666D4 : DhcpNameServer = 128.101.101.101 134.84.84.84
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\55F666D4027457563747 : DhcpNameServer = 128.101.101.101 134.84.84.84
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\6496566646F6D6 : DhcpNameServer = 8.8.8.8 172.16.206.215 172.16.206.215
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\84F657375602E4564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{050F43F7-48BB-4D22-8DA4-433C76CB4FA6}\E4544574541425D223E243D274 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"
mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gunner\appdata\roaming\mozilla\firefox\profiles\l72k49e5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-24 36000]
R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-1-21 81920]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-24 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-24 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-24 74640]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\hpqwmm\quickweb\qw.sys\config\DVMExportService.exe [2010-9-28 338208]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-8-5 210488]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-8-23 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-1-21 13336]
R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2010-10-21 61440]
R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2010-9-11 399344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-21 275048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-18 136176]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2010-6-17 27136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-18 136176]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-12-15 20080]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2012-01-06 04:55:19 0 ---ha-w- c:\users\gunner\BITCDBE.tmp
2011-12-25 03:25:09 -------- d-----w- c:\users\gunner\appdata\roaming\Avira
2011-12-25 03:18:10 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-25 03:18:10 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-25 03:18:05 -------- d-----w- c:\programdata\Avira
2011-12-25 03:18:05 -------- d-----w- c:\program files\Avira
2011-12-18 16:33:18 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-16 13:05:09 -------- d-----w- c:\users\gunner\appdata\local\temp
2011-12-16 10:13:30 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-16 10:07:44 98816 ----a-w- c:\windows\sed.exe
2011-12-16 10:07:44 518144 ----a-w- c:\windows\SWREG.exe
2011-12-16 10:07:44 256000 ----a-w- c:\windows\PEV.exe
2011-12-16 10:07:44 208896 ----a-w- c:\windows\MBR.exe
2011-12-16 05:31:09 -------- d-----w- c:\program files\PeerBlock
.
==================== Find3M ====================
.
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-17 13:36:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 05:38:59 534528 ----a-w- c:\windows\system32\EncDec.dll
.
============= FINISH: 13:41:15.40 ===============


ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 2/8/2011 10:59:54 PM
System Uptime: 1/7/2012 4:49:07 PM (93 hours ago)
.
Motherboard: Hewlett-Packard | | 1584
Processor: Intel® Atom™ CPU N455 @ 1.66GHz | CPU | 999/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 4.875 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 2.612 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5 MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Bejeweled 2 Deluxe
Blasterball 3
Blio
Boingo Wi-Fi
Bonjour
Bounce Symphony
Broadcom 802.11 Wireless LAN Adapter
Cake Mania
Chuzzle Deluxe
Comcast Desktop Software (v1.2.0.9)
CyberLink DVD Suite
D3DX10
Diner Dash 2 Restaurant Rescue
Dream Chronicles
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Evernote
Farm Frenzy
FATE
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP HomeBase
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickSync
HP QuickWeb Installer
HP Setup
HP Setup Manager
HP Software Framework
HP Wireless Assistant
iCloud
IDT Audio
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java™ 6 Update 23
Jewel Quest - Heritage
Jewel Quest II
Jewel Quest Solitaire
JoJo's Fashion Show
Junk Mail filter update
Mahjongg Artifacts
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.25)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Novacomd
Octoshape add-in for Adobe Flash Player
PeerBlock 1.1 (r518)
Penguins!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
PokerStars
Polar Bowler
Power2Go
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Recovery Manager
RoxioNow Player
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skip-Bo - Castaway Caper
Slingo Deluxe
Synaptics Pointing Device Driver
Times Reader
Tradewinds Legends
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Virtual Villagers - The Secret City
VLC media player 1.1.10
Wedding Dash
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Xvid Video Codec
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 9:51:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/7/2012 4:50:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
1/11/2012 1:25:55 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
1/11/2012 1:25:55 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
1/11/2012 1:25:48 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
.
==== End Of File ===========================



4) No problems encountered

Thank you very much!
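The three Service Control Manager lines at the end of the Attach log are the actual diagnosis of the "connects but nothing loads" symptom: DHCP Client and DNS Client both fail to start because their dependency Tdx (the TDI translation driver, tdx.sys) is no longer installed, and the WinHTTP auto-proxy service then fails in turn. A link comes up, but with no lease renewal and no name resolution no page can load, which is exactly what post #1 describes. The Firefox prefs in the DDS log also carry a loopback HTTP proxy (127.0.0.1:63333) and a Conduit search URL, though network.proxy.type is 0, so the proxy entry is residue rather than currently active. The following Python triage is an added example, not part of the thread or of the DDS tool: it reads DDS-style lines (the sample below is copied from the log posted above) and flags that dependency chain, the loopback proxy and the search URL. The rule names, the severity labels, the set of expected search hosts and the mapping of the symptom to a missing network-critical dependency are this script's own assumptions.

```python
"""Triage a DDS log for the entries behind "network connects but no page loads".

Added example, not part of the forum thread or of DDS. Windows facts used:
SCM event 7003 = a service's dependency is not installed; the service named
"Tdx" is tdx.sys under System32\\drivers, and DHCP Client / DNS Client depend
on it. Rule names, severities and EXPECTED_SEARCH_HOSTS are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS and Event Viewer output posted
# above. DDS writes "hxxp" for "http" so that logged URLs are not clickable.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
1/11/2012 1:25:55 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
1/11/2012 1:25:55 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
1/11/2012 1:25:48 PM, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
"""

# Services whose start failure leaves the link up but no usable IP/DNS.
NETWORK_CRITICAL_SERVICES = {"DHCP Client", "DNS Client"}

# Search engines treated as expected (assumption); anything else is reported.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Firefox network.proxy.type: 0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system.
FF_PROXY_MANUAL = "1"

FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<val>.*)$")
DHCP_DNS = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
# Windows itself logs 7003 as "depends the following service" (no "on").
SCM_7003 = re.compile(
    r"Service Control Manager \[7003\] - The (?P<svc>.+?) service depends "
    r"(?:on )?the following service: (?P<dep>[^.]+)\."
)


@dataclass
class Finding:
    code: str
    severity: str  # "high", "low" or "info"
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return findings for proxy, search and service-dependency entries."""
    prefs: Dict[str, str] = {}
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := FF_PREF.match(line)):
            prefs[m["key"]] = m["val"].strip()
        elif (m := DHCP_DNS.match(line)):
            findings.append(Finding("DNS_SERVERS", "info",
                f"DHCP-assigned DNS: {m['servers']} (confirm they belong to the ISP/LAN)"))
        elif (m := SCM_7003.search(line)):
            svc, dep = m["svc"].strip(), m["dep"].strip()
            sev = "high" if svc in NETWORK_CRITICAL_SERVICES else "low"
            hint = ""
            if dep.lower() == "tdx":
                hint = (" (Tdx is the TDI translation driver tdx.sys in "
                        "System32\\drivers; a pristine copy lives under WinSxS)")
            findings.append(Finding("MISSING_DEPENDENCY", sev,
                f"{svc} cannot start: dependency '{dep}' is not installed{hint}"))

    # A proxy on loopback is the classic local-redirector hijack; it only bites
    # when network.proxy.type is manual, so report it as residue otherwise.
    proxy_host = prefs.get("network.proxy.http", "")
    if proxy_host.startswith("127.") or proxy_host == "localhost":
        enabled = prefs.get("network.proxy.type") == FF_PROXY_MANUAL
        port = prefs.get("network.proxy.http_port", "?")
        state = "active" if enabled else "present but network.proxy.type is not manual"
        findings.append(Finding("LOOPBACK_PROXY", "high" if enabled else "low",
            f"Firefox HTTP proxy set to {proxy_host}:{port} ({state})"))

    search = prefs.get("browser.search.defaulturl", "")
    if search:
        host = urlparse(search.replace("hxxp", "http", 1)).hostname or ""
        if host not in EXPECTED_SEARCH_HOSTS:
            findings.append(Finding("SEARCH_HIJACK", "low",
                f"default search URL points at {host}"))
    return findings


def explains_no_page_loads(findings: List[Finding]) -> bool:
    """True when a network-critical service cannot start: the link comes up,
    but without a DHCP lease and DNS resolution no page will load."""
    return any(f.code == "MISSING_DEPENDENCY" and f.severity == "high"
               for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<4}] {f.code}: {f.detail}")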

#4 gringo_pr (Group: Malware Response Team; Posts: 85,524; Joined: 03-July 08; Location: Puerto Rico)

Posted 11 January 2012 - 02:53 PM

Hello

I would like you to download an updated version of combofix.

update combofix

    Delete the version of combofix you have now on your desktop and download a new one from here


    **Note: It is important that it is saved directly to your desktop**

    1. Close any open browsers.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note: Do not mouse-click combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.


"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo

#5 FreshParadigm (Group: Members; Posts: 13; Joined: 07-January 12)

Posted 11 January 2012 - 06:34 PM

1) Log:

ComboFix 12-01-10.02 - Gunner 01/11/2012 16:50:07.9.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.517 [GMT -6:00]
Running from: c:\users\Gunner\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gunner\BITCDBE.tmp
c:\windows\$NtUninstallKB44853$
.
c:\windows\system32\drivers\tdx.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 23:06 . 2012-01-11 23:19 -------- d-----w- c:\users\Gunner\AppData\Local\temp
2012-01-11 23:06 . 2012-01-11 23:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-11 23:06 . 2012-01-11 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 23:06 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-11 22:35 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-12-25 03:25 . 2011-12-25 03:25 -------- d-----w- c:\users\Gunner\AppData\Roaming\Avira
2011-12-25 03:18 . 2011-12-15 21:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-25 03:18 . 2011-12-15 21:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-25 03:18 . 2011-12-15 21:00 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-25 03:18 . 2011-12-25 03:18 -------- d-----w- c:\programdata\Avira
2011-12-25 03:18 . 2011-12-25 03:18 -------- d-----w- c:\program files\Avira
2011-12-16 10:13 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-16 05:31 . 2011-12-25 03:48 -------- d-----w- c:\program files\PeerBlock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-17 13:36 . 2011-07-11 21:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-08-03 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-17 1897768]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
c:\users\Gunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]
2011-05-16 19:43 2429 ----a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-17 27136]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-08-03 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-09-29 338208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 210488]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-08-24 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [2010-10-21 61440]
S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-09-03 20:14 715840 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 01:39]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 01:39]
.
2012-01-11 c:\windows\Tasks\HPCeeScheduleForGunner.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-01-11 c:\windows\Tasks\HPCeeScheduleForMUDBUTT$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Gunner\AppData\Roaming\Mozilla\Firefox\Profiles\l72k49e5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2528)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-01-11 17:27:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-11 23:27
ComboFix2.txt 2011-12-18 16:36
ComboFix3.txt 2011-12-16 13:16
ComboFix4.txt 2011-09-27 17:11
ComboFix5.txt 2012-01-11 22:31
.
Pre-Run: 5,214,822,400 bytes free
Post-Run: 5,177,958,400 bytes free
.
- - End Of File - - CEFCB1E73D33CA6E76F86C370EF7ECD5


2) Only problem encountered is upon clicking Combofix, and allowing it to run after the Windows prompt, it said that it could not find the file because it had moved, which I assume is because I just drag/dropped it off my flash drive. I then copied it and pasted it and it ran fine. Also, Combofix ran and popped up with a "zeroaccess rootkit" notification. It then needed to restart the computer. It said that if upon restart the internet did not work, then try restarting the computer and it might work afterwards.


3) Computer restarted fine, and the internet works!

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 11 January 2012 - 08:53 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

    In your next post I need the following

    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?


Gringo


#7 User is offline   FreshParadigm 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 07-January 12

Posted 11 January 2012 - 10:35 PM

1) Report from Combofix

ComboFix 12-01-10.02 - Gunner 01/11/2012 21:05:33.10.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.416 [GMT -6:00]
Running from: c:\users\Gunner\Desktop\ComboFix.exe
Command switches used :: c:\users\Gunner\Desktop\CFScript.txt.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gunner\AppData\Local\cce.exe
c:\users\Gunner\AppData\Local\srr.exe
c:\windows\$NtUninstallKB44853$\1822802832\@
c:\windows\$NtUninstallKB44853$\1822802832\bckfg.tmp
c:\windows\$NtUninstallKB44853$\1822802832\cfg.ini
c:\windows\$NtUninstallKB44853$\1822802832\Desktop.ini
c:\windows\$NtUninstallKB44853$\1822802832\keywords
c:\windows\$NtUninstallKB44853$\1822802832\kwrd.dll
c:\windows\$NtUninstallKB44853$\1822802832\L\xadqgnnk
c:\windows\$NtUninstallKB44853$\1822802832\U\00000001.@
c:\windows\$NtUninstallKB44853$\1822802832\U\00000002.@
c:\windows\$NtUninstallKB44853$\1822802832\U\00000004.@
c:\windows\$NtUninstallKB44853$\1822802832\U\80000000.@
c:\windows\$NtUninstallKB44853$\1822802832\U\80000004.@
c:\windows\$NtUninstallKB44853$\1822802832\U\80000032.@
c:\windows\$NtUninstallKB44853$\564880485
c:\windows\$NtUninstallKB44853$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 03:21 . 2012-01-12 03:23 -------- d-----w- c:\users\Gunner\AppData\Local\temp
2012-01-12 03:21 . 2012-01-12 03:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-12 03:21 . 2012-01-12 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 03:01 . 2010-11-20 10:06 46080 ----a-w- c:\windows\system32\drivers\ndisuio.sys
2012-01-11 23:06 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-11 22:35 . 2009-07-13 23:11 53760 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-12-25 03:25 . 2011-12-25 03:25 -------- d-----w- c:\users\Gunner\AppData\Roaming\Avira
2011-12-25 03:18 . 2011-12-15 21:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-25 03:18 . 2011-12-15 21:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-25 03:18 . 2011-12-15 21:00 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-25 03:18 . 2011-12-25 03:18 -------- d-----w- c:\programdata\Avira
2011-12-25 03:18 . 2011-12-25 03:18 -------- d-----w- c:\program files\Avira
2011-12-16 10:13 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-16 05:31 . 2011-12-25 03:48 -------- d-----w- c:\program files\PeerBlock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-17 13:36 . 2011-07-11 21:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 08:39 . !HASH: COULD NOT OPEN FILE !!!!! . 74752 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\tdx.sys
[-] 2009-07-13 23:12 . D95D4C2CC67E6B87FB2CBB6C99B29680 . 74240 . . [------] . . c:\windows\System32\drivers\tdx.sys
[7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 754176 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-08-03 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-17 1897768]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-08-24 584760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-06-17 237568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
c:\users\Gunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
Snapfish PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boingo Wi-Fi]
2011-05-16 19:43 2429 ----a-w- c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-17 27136]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 20080]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-08-03 81920]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-09-29 338208]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 210488]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-08-24 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [2010-10-21 61440]
S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-24 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-09-03 20:14 715840 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 01:39]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-19 01:39]
.
2012-01-12 c:\windows\Tasks\HPCeeScheduleForGunner.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-01-11 c:\windows\Tasks\HPCeeScheduleForMUDBUTT$.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Gunner\AppData\Roaming\Mozilla\Firefox\Profiles\l72k49e5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(560)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-11 21:32:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 03:32
ComboFix2.txt 2012-01-11 23:27
ComboFix3.txt 2011-12-18 16:36
ComboFix4.txt 2011-12-16 13:16
ComboFix5.txt 2012-01-12 02:54
.
Pre-Run: 5,161,234,432 bytes free
Post-Run: 5,114,241,024 bytes free
.
- - End Of File - - E0F9F21016BF3B6A6894E66A8F1805A7



2) First problem: A program titled Win 7 Home Security 2012 closed my Firefox window after a short while and immediately popped up saying there were infections and that I needed to protect my computer. It started running what appeared to be a scan and started listing multiple infections. I've closed that every time it pops up and have turned off my wifi connection. Upon turning the wifi connection back on, it pops back up saying that hpCaslNotification is infected with Trojan-BNK.Win32.Keylogger.gen and that it is located in the Hewlett-Packard program files, at which point it asks me if I want to activate Win 7 Home Security 2012 (recommended), or continue without activation (dangerous). I just close the window and turn the wifi antenna off.
Second problem: upon restart, a User Account Control prompt came up asking if the following program was ok to run, 'bcont.exe', with an unknown publisher. I clicked no.
Third problem: I have saved the .txt file as you asked, and when I drag it on top of the combofix icon, it only shifts both icons down, as if I am rearranging my desktop. One thing to mention is that my combofix icon has a yellow and blue shield icon (same icon as the Win 7 Home Security 2012 icon) on the bottom right of the icon; it is not just the sole red and white cat like your .gif image from your post. My solution was to right-click the .txt file you asked me to use and select 'open with', at which point I navigated the directory to Combofix and ran the program successfully.
Fourth problem: the combofix popup for ZeroAccess rootkit activity came back again and said that it had installed itself in the TCP/IP stack? It said it was a particularly difficult problem and that it needed to reboot the machine.

3) After running the script, the computer seems to not be able to run any programs because they are illegal operations on a registry key that has been marked for deletion.

#8 gringo_pr

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender: Male
  • Location: Puerto Rico

Posted 11 January 2012 - 11:41 PM

Hello


Restart the computer to clear the registry error.


I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.
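An added example, not a tool from this thread, from Kaspersky or from BleepingComputer: a Python script that reads a TDSSKiller log in the layout requested above and lists the entries a helper would look at first, meaning anything not reported "ok" and any driver loading from outside the Windows directory. The sample log is constructed from a few lines of the posted scan plus one made-up driver entry with a made-up verdict string.

```python
"""Parse a TDSSKiller log and list the entries worth a closer look.

Added example for this thread; it assumes the two-line layout visible in the
posted log: an object line carrying name, MD5 and path, followed by a verdict
line of the form "name - ok" (or another verdict text).
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Object line, e.g.
#   22:51:25.0142 2444 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
OBJECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line, e.g.
#   22:51:25.0158 2444 1394ohci - ok
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


class Entry(NamedTuple):
    name: str
    md5: Optional[str]    # None when the log gives no hash (e.g. the "catchme - ok" line)
    path: Optional[str]   # None when the log gives no path
    verdict: str


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each scanned object with the verdict line that follows it."""
    pending: Dict[str, Tuple[str, str]] = {}
    entries: List[Entry] = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], md5, path, m["verdict"]))
    return entries


def entries_to_review(entries: List[Entry], windows_dir: str = r"C:\Windows") -> List[Entry]:
    """Entries to examine first: any verdict other than "ok", plus drivers that load
    from outside the Windows directory (third-party kernel code such as a firewall
    filter is usually legitimate, but it is the part of the list worth confirming)."""
    win = windows_dir.lower().rstrip("\\") + "\\"
    review: List[Entry] = []
    for e in entries:
        if e.verdict.lower() != "ok":
            review.append(e)
        elif e.path is not None and not e.path.lower().startswith(win):
            review.append(e)
    return review


# Constructed sample: the first entries are copied from the posted log; the
# "xyzdrv" entry and its verdict text are invented to exercise the non-ok path.
SAMPLE_LOG = r"""22:51:24.0347 2444 Scan started
22:51:24.0347 2444 Mode: Manual;
22:51:25.0142 2444 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:51:25.0158 2444 1394ohci - ok
22:51:29.0354 2444 catchme - ok
22:51:51.0197 2444 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys
22:51:51.0212 2444 pbfilter - ok
22:52:00.0667 2444 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:52:00.0792 2444 Tcpip - ok
22:52:10.0001 2444 xyzdrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\xyzdrv.sys
22:52:10.0002 2444 xyzdrv - Suspicious file (constructed example verdict)
"""

if __name__ == "__main__":
    for e in entries_to_review(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.name:12} {e.verdict:45} {e.path}")
```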

#9 FreshParadigm

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 07-January 12

Posted 11 January 2012 - 11:55 PM

22:51:08.0715 3456 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
22:51:08.0761 3456 ============================================================
22:51:08.0761 3456 Current date / time: 2012/01/11 22:51:08.0761
22:51:08.0761 3456 SystemInfo:
22:51:08.0761 3456
22:51:08.0761 3456 OS Version: 6.1.7601 ServicePack: 1.0
22:51:08.0761 3456 Product type: Workstation
22:51:08.0761 3456 ComputerName: MUDBUTT
22:51:08.0761 3456 UserName: Gunner
22:51:08.0761 3456 Windows directory: C:\Windows
22:51:08.0761 3456 System windows directory: C:\Windows
22:51:08.0761 3456 Processor architecture: Intel x86
22:51:08.0761 3456 Number of processors: 2
22:51:08.0761 3456 Page size: 0x1000
22:51:08.0761 3456 Boot type: Normal boot
22:51:08.0761 3456 ============================================================
22:51:10.0867 3456 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
22:51:10.0899 3456 Drive \Device\Harddisk1\DR1 - Size: 0x78400000, SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:51:10.0977 3456 Initialize success
22:51:24.0347 2444 ============================================================
22:51:24.0347 2444 Scan started
22:51:24.0347 2444 Mode: Manual;
22:51:24.0347 2444 ============================================================
22:51:25.0142 2444 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:51:25.0158 2444 1394ohci - ok
22:51:25.0220 2444 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:51:25.0236 2444 ACPI - ok
22:51:25.0267 2444 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:51:25.0283 2444 AcpiPmi - ok
22:51:25.0345 2444 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:51:25.0376 2444 adp94xx - ok
22:51:25.0423 2444 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:51:25.0454 2444 adpahci - ok
22:51:25.0532 2444 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:51:25.0564 2444 adpu320 - ok
22:51:25.0720 2444 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:51:25.0766 2444 AFD - ok
22:51:25.0829 2444 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:51:25.0844 2444 agp440 - ok
22:51:25.0954 2444 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:51:25.0985 2444 aic78xx - ok
22:51:26.0156 2444 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:51:26.0172 2444 aliide - ok
22:51:26.0203 2444 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:51:26.0219 2444 amdagp - ok
22:51:26.0234 2444 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:51:26.0250 2444 amdide - ok
22:51:26.0281 2444 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:51:26.0312 2444 AmdK8 - ok
22:51:26.0359 2444 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:51:26.0375 2444 AmdPPM - ok
22:51:26.0437 2444 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:51:26.0468 2444 amdsata - ok
22:51:26.0515 2444 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:51:26.0531 2444 amdsbs - ok
22:51:26.0687 2444 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:51:26.0702 2444 amdxata - ok
22:51:26.0796 2444 AmUStor (d2bf422c2611632afb9ce8f7b2a8c306) C:\Windows\system32\drivers\AmUStor.SYS
22:51:26.0796 2444 AmUStor - ok
22:51:26.0936 2444 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:51:26.0952 2444 AppID - ok
22:51:27.0108 2444 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:51:27.0124 2444 arc - ok
22:51:27.0186 2444 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:51:27.0202 2444 arcsas - ok
22:51:27.0264 2444 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:51:27.0295 2444 AsyncMac - ok
22:51:27.0373 2444 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:51:27.0389 2444 atapi - ok
22:51:27.0467 2444 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:51:27.0482 2444 avgntflt - ok
22:51:27.0638 2444 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
22:51:27.0670 2444 avipbb - ok
22:51:27.0701 2444 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:51:27.0716 2444 avkmgr - ok
22:51:27.0810 2444 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:51:27.0841 2444 b06bdrv - ok
22:51:27.0919 2444 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:51:27.0935 2444 b57nd60x - ok
22:51:28.0122 2444 BCM43XX (9c3b534854f0152ed4711d936a2192eb) C:\Windows\system32\DRIVERS\bcmwl6.sys
22:51:28.0184 2444 BCM43XX - ok
22:51:28.0294 2444 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:51:28.0340 2444 Beep - ok
22:51:28.0559 2444 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:51:28.0574 2444 blbdrive - ok
22:51:28.0746 2444 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:51:28.0762 2444 bowser - ok
22:51:28.0808 2444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:51:28.0808 2444 BrFiltLo - ok
22:51:28.0840 2444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:51:28.0855 2444 BrFiltUp - ok
22:51:28.0949 2444 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:51:28.0964 2444 BridgeMP - ok
22:51:29.0011 2444 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:51:29.0042 2444 Brserid - ok
22:51:29.0074 2444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:51:29.0089 2444 BrSerWdm - ok
22:51:29.0105 2444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:51:29.0120 2444 BrUsbMdm - ok
22:51:29.0152 2444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:51:29.0167 2444 BrUsbSer - ok
22:51:29.0214 2444 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:51:29.0230 2444 BTHMODEM - ok
22:51:29.0354 2444 catchme - ok
22:51:29.0449 2444 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:51:29.0480 2444 cdfs - ok
22:51:29.0589 2444 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:51:29.0621 2444 cdrom - ok
22:51:29.0667 2444 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:51:29.0683 2444 circlass - ok
22:51:29.0730 2444 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:51:29.0761 2444 CLFS - ok
22:51:29.0855 2444 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:29.0870 2444 CmBatt - ok
22:51:29.0901 2444 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:51:29.0917 2444 cmdide - ok
22:51:29.0979 2444 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:51:30.0011 2444 CNG - ok
22:51:30.0073 2444 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:51:30.0089 2444 Compbatt - ok
22:51:30.0167 2444 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:51:30.0182 2444 CompositeBus - ok
22:51:30.0588 2444 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:51:30.0697 2444 crcdisk - ok
22:51:31.0227 2444 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:51:31.0290 2444 DfsC - ok
22:51:31.0649 2444 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:51:31.0664 2444 discache - ok
22:51:31.0992 2444 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:51:32.0023 2444 Disk - ok
22:51:32.0491 2444 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:51:32.0507 2444 drmkaud - ok
22:51:32.0741 2444 DVMIO (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\Windows\system32\DRIVERS\dvmio.sys
22:51:32.0756 2444 DVMIO - ok
22:51:33.0021 2444 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:51:33.0115 2444 DXGKrnl - ok
22:51:33.0302 2444 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:51:33.0411 2444 ebdrv - ok
22:51:33.0567 2444 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:51:33.0630 2444 elxstor - ok
22:51:33.0708 2444 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:51:33.0739 2444 ErrDev - ok
22:51:34.0160 2444 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:51:34.0191 2444 exfat - ok
22:51:34.0347 2444 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:51:34.0363 2444 fastfat - ok
22:51:34.0472 2444 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:51:34.0488 2444 fdc - ok
22:51:34.0581 2444 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:51:34.0613 2444 FileInfo - ok
22:51:34.0659 2444 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:51:34.0706 2444 Filetrace - ok
22:51:34.0831 2444 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:34.0925 2444 flpydisk - ok
22:51:35.0034 2444 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:51:35.0049 2444 FltMgr - ok
22:51:35.0237 2444 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:51:35.0268 2444 FsDepends - ok
22:51:35.0361 2444 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:51:35.0393 2444 Fs_Rec - ok
22:51:35.0580 2444 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:51:35.0658 2444 fvevol - ok
22:51:35.0751 2444 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:51:35.0783 2444 gagp30kx - ok
22:51:35.0923 2444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:51:35.0954 2444 GEARAspiWDM - ok
22:51:36.0157 2444 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:51:36.0173 2444 hcw85cir - ok
22:51:36.0282 2444 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:51:36.0329 2444 HdAudAddService - ok
22:51:36.0485 2444 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:51:36.0500 2444 HDAudBus - ok
22:51:36.0547 2444 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:51:36.0563 2444 HidBatt - ok
22:51:36.0719 2444 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:51:36.0750 2444 HidBth - ok
22:51:36.0843 2444 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:51:36.0859 2444 HidIr - ok
22:51:36.0999 2444 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:51:36.0999 2444 HidUsb - ok
22:51:37.0218 2444 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:51:37.0249 2444 HpSAMD - ok
22:51:37.0545 2444 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:51:37.0623 2444 HTTP - ok
22:51:37.0701 2444 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:51:37.0717 2444 hwpolicy - ok
22:51:37.0857 2444 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:51:37.0904 2444 i8042prt - ok
22:51:38.0201 2444 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
22:51:38.0216 2444 iaStor - ok
22:51:38.0403 2444 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:51:38.0450 2444 iaStorV - ok
22:51:38.0871 2444 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:51:39.0043 2444 igfx - ok
22:51:39.0199 2444 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:51:39.0215 2444 iirsp - ok
22:51:39.0402 2444 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:51:39.0417 2444 intelide - ok
22:51:39.0528 2444 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:51:39.0543 2444 intelppm - ok
22:51:39.0699 2444 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:39.0715 2444 IpFilterDriver - ok
22:51:39.0855 2444 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:51:39.0902 2444 IPMIDRV - ok
22:51:39.0996 2444 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:51:40.0027 2444 IPNAT - ok
22:51:40.0214 2444 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:51:40.0230 2444 IRENUM - ok
22:51:40.0339 2444 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:51:40.0370 2444 isapnp - ok
22:51:40.0526 2444 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:51:40.0573 2444 iScsiPrt - ok
22:51:40.0729 2444 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:51:40.0745 2444 kbdclass - ok
22:51:40.0963 2444 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:51:40.0994 2444 kbdhid - ok
22:51:41.0119 2444 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
22:51:41.0182 2444 KSecDD - ok
22:51:41.0306 2444 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
22:51:41.0338 2444 KSecPkg - ok
22:51:41.0540 2444 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:51:41.0556 2444 lltdio - ok
22:51:41.0743 2444 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:51:41.0774 2444 LSI_FC - ok
22:51:41.0852 2444 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:51:41.0884 2444 LSI_SAS - ok
22:51:41.0962 2444 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:51:42.0008 2444 LSI_SAS2 - ok
22:51:42.0149 2444 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:51:42.0180 2444 LSI_SCSI - ok
22:51:42.0274 2444 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:51:42.0305 2444 luafv - ok
22:51:42.0352 2444 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:51:42.0383 2444 megasas - ok
22:51:42.0476 2444 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:51:42.0554 2444 MegaSR - ok
22:51:42.0820 2444 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:51:42.0835 2444 Modem - ok
22:51:42.0929 2444 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:51:42.0929 2444 monitor - ok
22:51:43.0069 2444 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:51:43.0100 2444 mouclass - ok
22:51:43.0256 2444 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:51:43.0288 2444 mouhid - ok
22:51:43.0366 2444 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:51:43.0397 2444 mountmgr - ok
22:51:43.0444 2444 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:51:43.0537 2444 mpio - ok
22:51:43.0600 2444 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:51:43.0646 2444 mpsdrv - ok
22:51:43.0818 2444 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:51:43.0865 2444 MRxDAV - ok
22:51:43.0990 2444 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:44.0036 2444 mrxsmb - ok
22:51:44.0192 2444 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:44.0224 2444 mrxsmb10 - ok
22:51:44.0286 2444 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:44.0317 2444 mrxsmb20 - ok
22:51:44.0411 2444 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:51:44.0426 2444 msahci - ok
22:51:44.0972 2444 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:51:45.0004 2444 msdsm - ok
22:51:45.0206 2444 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:51:45.0238 2444 Msfs - ok
22:51:45.0284 2444 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:51:45.0300 2444 mshidkmdf - ok
22:51:45.0347 2444 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:51:45.0362 2444 msisadrv - ok
22:51:45.0487 2444 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:51:45.0503 2444 MSKSSRV - ok
22:51:45.0581 2444 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:45.0612 2444 MSPCLOCK - ok
22:51:45.0706 2444 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:51:45.0737 2444 MSPQM - ok
22:51:45.0784 2444 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:51:45.0815 2444 MsRPC - ok
22:51:45.0924 2444 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:51:45.0940 2444 mssmbios - ok
22:51:46.0049 2444 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:51:46.0080 2444 MSTEE - ok
22:51:46.0158 2444 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:51:46.0205 2444 MTConfig - ok
22:51:46.0252 2444 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:51:46.0283 2444 Mup - ok
22:51:46.0392 2444 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:51:46.0454 2444 NativeWifiP - ok
22:51:46.0595 2444 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:51:46.0642 2444 NDIS - ok
22:51:46.0720 2444 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:51:46.0751 2444 NdisCap - ok
22:51:46.0860 2444 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:46.0891 2444 NdisTapi - ok
22:51:47.0094 2444 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:47.0110 2444 Ndisuio - ok
22:51:47.0219 2444 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:47.0281 2444 NdisWan - ok
22:51:47.0359 2444 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:51:47.0390 2444 NDProxy - ok
22:51:47.0531 2444 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:51:47.0593 2444 NetBIOS - ok
22:51:47.0734 2444 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:51:47.0765 2444 NetBT - ok
22:51:48.0202 2444 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
22:51:48.0420 2444 netw5v32 - ok
22:51:48.0623 2444 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:51:48.0654 2444 nfrd960 - ok
22:51:48.0826 2444 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:51:48.0841 2444 Npfs - ok
22:51:48.0950 2444 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:51:48.0966 2444 nsiproxy - ok
22:51:49.0106 2444 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:51:49.0200 2444 Ntfs - ok
22:51:49.0294 2444 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:51:49.0325 2444 Null - ok
22:51:49.0450 2444 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:51:49.0496 2444 nvraid - ok
22:51:49.0606 2444 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:51:49.0699 2444 nvstor - ok
22:51:49.0918 2444 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:51:49.0996 2444 nv_agp - ok
22:51:50.0136 2444 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:51:50.0214 2444 ohci1394 - ok
22:51:50.0370 2444 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:51:50.0432 2444 Parport - ok
22:51:50.0510 2444 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:51:50.0713 2444 partmgr - ok
22:51:50.0869 2444 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:51:50.0885 2444 Parvdm - ok
22:51:51.0197 2444 pbfilter (2f6e885c432927a186c2e352c8a1cbf4) C:\Program Files\PeerBlock\pbfilter.sys
22:51:51.0212 2444 pbfilter - ok
22:51:51.0400 2444 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:51:51.0431 2444 pci - ok
22:51:51.0540 2444 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:51:51.0587 2444 pciide - ok
22:51:51.0774 2444 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:51:51.0821 2444 pcmcia - ok
22:51:51.0883 2444 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:51:51.0899 2444 pcw - ok
22:51:51.0946 2444 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:51:52.0008 2444 PEAUTH - ok
22:51:52.0258 2444 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:51:52.0273 2444 PptpMiniport - ok
22:51:52.0336 2444 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:51:52.0351 2444 Processor - ok
22:51:52.0445 2444 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:51:52.0445 2444 Psched - ok
22:51:52.0694 2444 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:51:52.0757 2444 ql2300 - ok
22:51:52.0960 2444 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:51:52.0991 2444 ql40xx - ok
22:51:53.0038 2444 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:51:53.0053 2444 QWAVEdrv - ok
22:51:53.0147 2444 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:51:53.0162 2444 RasAcd - ok
22:51:53.0225 2444 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:51:53.0256 2444 RasAgileVpn - ok
22:51:53.0287 2444 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:51:53.0303 2444 Rasl2tp - ok
22:51:53.0365 2444 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:51:53.0396 2444 RasPppoe - ok
22:51:53.0443 2444 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:51:53.0474 2444 RasSstp - ok
22:51:53.0630 2444 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:51:53.0677 2444 rdbss - ok
22:51:53.0724 2444 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:51:53.0740 2444 rdpbus - ok
22:51:53.0802 2444 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:51:53.0818 2444 RDPCDD - ok
22:51:53.0896 2444 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:51:53.0896 2444 RDPENCDD - ok
22:51:54.0020 2444 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:51:54.0020 2444 RDPREFMP - ok
22:51:54.0114 2444 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
22:51:54.0130 2444 RDPWD - ok
22:51:54.0286 2444 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:51:54.0332 2444 rdyboost - ok
22:51:54.0504 2444 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:51:54.0535 2444 rspndr - ok
22:51:54.0722 2444 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:51:54.0769 2444 RTL8167 - ok
22:51:54.0942 2444 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:51:54.0973 2444 sbp2port - ok
22:51:55.0113 2444 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:51:55.0145 2444 scfilter - ok
22:51:55.0269 2444 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
22:51:55.0316 2444 sdbus - ok
22:51:55.0519 2444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:51:55.0535 2444 secdrv - ok
22:51:55.0737 2444 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:51:55.0753 2444 Serenum - ok
22:51:55.0893 2444 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:51:56.0018 2444 Serial - ok
22:51:56.0205 2444 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:51:56.0268 2444 sermouse - ok
22:51:56.0408 2444 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:51:56.0439 2444 sffdisk - ok
22:51:56.0502 2444 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:51:56.0517 2444 sffp_mmc - ok
22:51:56.0564 2444 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:51:56.0580 2444 sffp_sd - ok
22:51:56.0720 2444 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:51:56.0720 2444 sfloppy - ok
22:51:56.0939 2444 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:51:56.0970 2444 sisagp - ok
22:51:57.0219 2444 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:51:57.0266 2444 SiSRaid2 - ok
22:51:57.0313 2444 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:51:57.0344 2444 SiSRaid4 - ok
22:51:57.0438 2444 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:51:57.0469 2444 Smb - ok
22:51:57.0563 2444 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:51:57.0594 2444 spldr - ok
22:51:57.0812 2444 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:51:57.0875 2444 srv - ok
22:51:58.0046 2444 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:51:58.0109 2444 srv2 - ok
22:51:58.0327 2444 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:51:58.0421 2444 SrvHsfHDA - ok
22:51:58.0655 2444 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:51:58.0764 2444 SrvHsfV92 - ok
22:51:58.0857 2444 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:51:58.0920 2444 SrvHsfWinac - ok
22:51:59.0029 2444 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:51:59.0076 2444 srvnet - ok
22:51:59.0263 2444 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:51:59.0294 2444 ssmdrv - ok
22:51:59.0419 2444 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:51:59.0450 2444 stexstor - ok
22:51:59.0669 2444 STHDA (ec4b4125ba14f7436b1740f63f7bff21) C:\Windows\system32\DRIVERS\stwrt.sys
22:51:59.0731 2444 STHDA - ok
22:51:59.0871 2444 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:51:59.0903 2444 swenum - ok
22:52:00.0105 2444 SynTP (92b2f8252e45d234288cb52e7db93093) C:\Windows\system32\DRIVERS\SynTP.sys
22:52:00.0261 2444 SynTP - ok
22:52:00.0667 2444 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:52:00.0792 2444 Tcpip - ok
22:52:00.0979 2444 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:52:00.0995 2444 TCPIP6 - ok
22:52:01.0104 2444 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:52:01.0135 2444 tcpipreg - ok
22:52:01.0244 2444 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:52:01.0260 2444 TDPIPE - ok
22:52:01.0307 2444 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
22:52:01.0322 2444 TDTCP - ok
22:52:01.0447 2444 tdx (d95d4c2cc67e6b87fb2cbb6c99b29680) C:\Windows\system32\DRIVERS\tdx.sys
22:52:01.0509 2444 tdx - ok
22:52:01.0665 2444 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:52:01.0697 2444 TermDD - ok
22:52:01.0977 2444 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:52:02.0055 2444 tssecsrv - ok
22:52:02.0227 2444 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:52:02.0274 2444 TsUsbFlt - ok
22:52:02.0383 2444 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:52:02.0414 2444 tunnel - ok
22:52:02.0461 2444 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:52:02.0492 2444 uagp35 - ok
22:52:02.0726 2444 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:52:02.0789 2444 udfs - ok
22:52:02.0913 2444 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:52:02.0960 2444 uliagpkx - ok
22:52:03.0101 2444 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:52:03.0132 2444 umbus - ok
22:52:03.0179 2444 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:52:03.0210 2444 UmPass - ok
22:52:03.0303 2444 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:52:03.0319 2444 USBAAPL - ok
22:52:03.0350 2444 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:52:03.0381 2444 usbccgp - ok
22:52:03.0537 2444 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:52:03.0569 2444 usbcir - ok
22:52:03.0693 2444 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
22:52:03.0756 2444 usbehci - ok
22:52:03.0912 2444 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:52:04.0005 2444 usbhub - ok
22:52:04.0099 2444 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:52:04.0489 2444 usbohci - ok
22:52:04.0707 2444 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:52:04.0739 2444 usbprint - ok
22:52:04.0879 2444 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:52:04.0926 2444 USBSTOR - ok
22:52:05.0083 2444 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:52:05.0130 2444 usbuhci - ok
22:52:05.0270 2444 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:52:05.0301 2444 usbvideo - ok
22:52:05.0457 2444 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:52:05.0488 2444 vdrvroot - ok
22:52:05.0691 2444 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:52:05.0722 2444 vga - ok
22:52:05.0832 2444 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:52:05.0847 2444 VgaSave - ok
22:52:05.0972 2444 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:52:06.0034 2444 vhdmp - ok
22:52:06.0268 2444 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:52:06.0315 2444 viaagp - ok
22:52:06.0487 2444 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:52:06.0534 2444 ViaC7 - ok
22:52:06.0690 2444 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:52:06.0721 2444 viaide - ok
22:52:06.0846 2444 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:52:06.0892 2444 volmgr - ok
22:52:07.0033 2444 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:52:07.0048 2444 volmgrx - ok
22:52:07.0189 2444 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:52:07.0282 2444 volsnap - ok
22:52:07.0423 2444 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:52:07.0470 2444 vsmraid - ok
22:52:07.0641 2444 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:52:07.0657 2444 vwifibus - ok
22:52:07.0766 2444 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:52:07.0844 2444 vwififlt - ok
22:52:08.0000 2444 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:52:08.0031 2444 WacomPen - ok
22:52:08.0172 2444 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:08.0218 2444 WANARP - ok
22:52:08.0250 2444 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:52:08.0250 2444 Wanarpv6 - ok
22:52:08.0390 2444 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:52:08.0437 2444 Wd - ok
22:52:08.0515 2444 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:52:08.0608 2444 Wdf01000 - ok
22:52:08.0858 2444 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:52:08.0889 2444 WfpLwf - ok
22:52:08.0952 2444 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:52:09.0014 2444 WIMMount - ok
22:52:09.0451 2444 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:52:09.0482 2444 WinUsb - ok
22:52:09.0794 2444 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:52:09.0810 2444 WmiAcpi - ok
22:52:09.0966 2444 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:52:09.0966 2444 ws2ifsl - ok
22:52:10.0168 2444 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:52:10.0200 2444 WudfPf - ok
22:52:10.0340 2444 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:52:10.0402 2444 WUDFRd - ok
22:52:10.0621 2444 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
22:52:10.0668 2444 yukonw7 - ok
22:52:10.0746 2444 MBR (0x1B8) (c32c09647d5f8f5581a3555f3756c430) \Device\Harddisk0\DR0
22:52:10.0777 2444 \Device\Harddisk0\DR0 - ok
22:52:10.0792 2444 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
22:52:27.0548 2444 \Device\Harddisk1\DR1 - ok
22:52:27.0579 2444 Boot (0x1200) (e1cfca9d0ad3c0ed5b2c37e88e197a7f) \Device\Harddisk0\DR0\Partition0
22:52:27.0595 2444 \Device\Harddisk0\DR0\Partition0 - ok
22:52:27.0610 2444 Boot (0x1200) (dd9915ef4dadbd1ccf0533bdc69cf70c) \Device\Harddisk0\DR0\Partition1
22:52:27.0626 2444 \Device\Harddisk0\DR0\Partition1 - ok
22:52:27.0657 2444 Boot (0x1200) (b8482fbe4e0a017d4dcbe68ec1ccc720) \Device\Harddisk0\DR0\Partition2
22:52:27.0657 2444 \Device\Harddisk0\DR0\Partition2 - ok
22:52:27.0688 2444 Boot (0x1200) (336923cb3c8d976dd5751a1b9424d351) \Device\Harddisk0\DR0\Partition3
22:52:27.0688 2444 \Device\Harddisk0\DR0\Partition3 - ok
22:52:27.0704 2444 Boot (0x1200) (3782f4317096898d013dbe5e7bdd6b5b) \Device\Harddisk1\DR1\Partition0
22:52:27.0704 2444 \Device\Harddisk1\DR1\Partition0 - ok
22:52:27.0719 2444 ============================================================
22:52:27.0719 2444 Scan finished
22:52:27.0719 2444 ============================================================
22:52:27.0782 2524 Detected object count: 0
22:52:27.0782 2524 Actual detected object count: 0

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender: Male
  • Location: Puerto Rico

Posted 12 January 2012 - 12:21 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#11 User is offline   FreshParadigm 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 07-January 12

Posted 12 January 2012 - 01:00 AM

aswMBR log:


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-11 23:53:33
-----------------------------
23:53:33.451 OS Version: Windows 6.1.7601 Service Pack 1
23:53:33.451 Number of processors: 2 586 0x1C0A
23:53:33.451 ComputerName: MUDBUTT UserName: Gunner
23:54:19.405 Initialize success
23:55:11.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:55:11.522 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
23:55:11.569 Disk 0 MBR read successfully
23:55:11.584 Disk 0 MBR scan
23:55:11.600 Disk 0 unknown MBR code
23:55:11.615 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:55:11.647 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286480 MB offset 409600
23:55:11.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18461 MB offset 587120640
23:55:11.725 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
23:55:11.740 Disk 0 scanning sectors +625140400
23:55:11.818 Disk 0 scanning C:\Windows\system32\drivers
23:55:24.127 Service scanning
23:55:26.513 Modules scanning
23:55:46.076 Disk 0 trace - called modules:
23:55:46.123 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:55:46.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eca030]
23:55:46.154 3 CLASSPNP.SYS[86b7959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x843fb028]
23:55:46.185 Scan finished successfully
23:56:03.176 Disk 0 MBR has been saved successfully to "C:\Users\Gunner\Desktop\MBR.dat"
23:56:03.207 The log file has been saved successfully to "C:\Users\Gunner\Desktop\aswMBRlog.txt"



Problem encountered: I finished running aswMBR and saved the log to the desktop. I wanted to open the .txt file, so I double-clicked it, which actually started Combofix again (because I had previously needed to open that script file by changing how Windows opens those files). So when the blue Combofix window opened, I clicked the DOS icon in the upper left and closed the program before it got any further. I changed the .txt files so that they open normally with Notepad now. I opened the log and was able to save it to my flash drive.

This post has been edited by FreshParadigm: 12 January 2012 - 01:03 AM


#12 User is offline   gringo_pr 

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender: Male
  • Location: Puerto Rico

Posted 12 January 2012 - 01:14 AM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.

  • Save the log as before and post in your next reply.


#13 User is offline   FreshParadigm 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 07-January 12

Posted 12 January 2012 - 11:14 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-12 21:55:00
-----------------------------
21:55:00.145 OS Version: Windows 6.1.7601 Service Pack 1
21:55:00.145 Number of processors: 2 586 0x1C0A
21:55:00.145 ComputerName: MUDBUTT UserName: Gunner
21:55:01.174 Initialize success
21:55:35.757 Verifying
21:55:45.788 Disk 0 Windows 601 MBR fixed successfully
21:57:21.525 Disk 0 MBR has been saved successfully to "C:\Users\Gunner\Desktop\MBR.dat"
21:57:21.525 The log file has been saved successfully to "C:\Users\Gunner\Desktop\aswMBRfixmbrlog.txt"


Waited for about 10 minutes. The program never said anything about an infection being fixed successfully. Also, a log did not automatically pop up; I had to save the log manually.

#14 User is offline   gringo_pr 

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,524
  • Joined: 03-July 08
  • Gender: Male
  • Location: Puerto Rico

Posted 12 January 2012 - 11:53 PM

Run a scan again with aswMBR.


gringo

#15 User is offline   FreshParadigm 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 07-January 12

Posted 13 January 2012 - 05:50 PM

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-13 16:42:56
-----------------------------
16:42:56.498 OS Version: Windows 6.1.7601 Service Pack 1
16:42:56.498 Number of processors: 2 586 0x1C0A
16:42:56.498 ComputerName: MUDBUTT UserName: Gunner
16:42:57.637 Initialize success
16:46:54.160 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:46:54.176 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
16:46:54.192 Disk 0 MBR read successfully
16:46:54.207 Disk 0 MBR scan
16:46:54.223 Disk 0 Windows 7 default MBR code
16:46:54.238 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:46:54.254 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286480 MB offset 409600
16:46:54.270 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18461 MB offset 587120640
16:46:54.285 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
16:46:54.301 Disk 0 scanning sectors +625140400
16:46:54.394 Disk 0 scanning C:\Windows\system32\drivers
16:47:08.778 Service scanning
16:47:11.180 Modules scanning
16:47:26.764 Disk 0 trace - called modules:
16:47:26.827 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:47:26.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ec7420]
16:47:26.874 3 CLASSPNP.SYS[86b8659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8403b028]
16:47:26.889 Scan finished successfully
16:48:30.771 Disk 0 MBR has been saved successfully to "C:\Users\Gunner\Desktop\MBR.dat"
16:48:30.803 The log file has been saved successfully to "C:\Users\Gunner\Desktop\aswMBRlog2.txt"

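The two aswMBR scans posted in this topic bracket the FIXMBR run: the first reports "unknown MBR code" on Disk 0, and the rescan after the fix reports "Windows 7 default MBR code" with the same four partitions at the same offsets. The Python below is an added example, not part of aswMBR, the forum, or either poster's material. It parses the disk lines of such logs (line formats are inferred from the logs in this topic; the sample text is the disk lines copied from them, and any other aswMBR message is ignored), flags a disk whose boot code is not a recognised Windows default, and checks that the fix changed only the boot code by comparing the partition tables before and after.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the disk lines of the three aswMBR logs posted in
# this topic (scan before FIXMBR, the FIXMBR run, scan after), trimmed to the
# lines this parser reads.
LOG_BEFORE_FIX = """\
23:55:11.600 Disk 0 unknown MBR code
23:55:11.615 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:55:11.647 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286480 MB offset 409600
23:55:11.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18461 MB offset 587120640
23:55:11.725 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
23:55:46.185 Scan finished successfully
"""
LOG_FIXMBR = """\
21:55:35.757 Verifying
21:55:45.788 Disk 0 Windows 601 MBR fixed successfully
"""
LOG_AFTER_FIX = """\
16:46:54.223 Disk 0 Windows 7 default MBR code
16:46:54.238 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:46:54.254 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286480 MB offset 409600
16:46:54.270 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 18461 MB offset 587120640
16:46:54.285 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
16:46:54.301 Disk 0 scanning sectors +625140400
16:47:26.889 Scan finished successfully
"""

# Line shapes inferred from the logs above (an assumption); anything else is ignored.
TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
MBR_CODE_RE = re.compile(TS + r"Disk (\d+) (.+ MBR code)$")
MBR_FIXED_RE = re.compile(TS + r"Disk (\d+) .* MBR fixed successfully$")
PARTITION_RE = re.compile(
    TS + r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$"
)


@dataclass(frozen=True)
class Partition:
    number: int
    active: bool          # boot indicator byte 0x80; aswMBR also prints "(A)"
    type_id: int          # partition type byte, e.g. 0x07 NTFS, 0x0C FAT32 LBA
    description: str
    size_mb: int
    offset_sectors: int


@dataclass
class DiskInfo:
    mbr_code: Optional[str] = None   # aswMBR's verdict on the boot code
    mbr_fixed: bool = False          # an "MBR fixed successfully" line was seen
    partitions: List[Partition] = field(default_factory=list)


def parse_aswmbr_log(text: str) -> Dict[int, DiskInfo]:
    """Return per-disk MBR verdict, fix status and partition table."""
    disks: Dict[int, DiskInfo] = {}
    for line in text.splitlines():
        if m := MBR_CODE_RE.match(line):
            disks.setdefault(int(m[1]), DiskInfo()).mbr_code = m[2]
        elif m := MBR_FIXED_RE.match(line):
            disks.setdefault(int(m[1]), DiskInfo()).mbr_fixed = True
        elif m := PARTITION_RE.match(line):
            disk, num, boot, ptype, desc, size, offset = m.groups()
            disks.setdefault(int(disk), DiskInfo()).partitions.append(
                Partition(int(num), boot.lower() == "80", int(ptype, 16),
                          desc, int(size), int(offset)))
    return disks


def assess(disks: Dict[int, DiskInfo]) -> List[str]:
    """Findings a reviewer of the log would call out before deciding on FIXMBR."""
    findings = []
    for n, d in sorted(disks.items()):
        if d.mbr_code and "default MBR code" not in d.mbr_code:
            findings.append(f"Disk {n}: boot code is not a recognised Windows default "
                            f"({d.mbr_code}); rescan after any fix and diff the partition table")
        active = sum(p.active for p in d.partitions)
        if d.partitions and active != 1:
            findings.append(f"Disk {n}: {active} partitions marked active, expected exactly 1")
    return findings


def partition_tables_match(before: Dict[int, DiskInfo], after: Dict[int, DiskInfo],
                           disk: int = 0) -> bool:
    """FIXMBR should rewrite only the boot code: every partition entry (active
    flag, type, size, offset) must be identical in the scans before and after."""
    return before[disk].partitions == after[disk].partitions


if __name__ == "__main__":
    before, after = parse_aswmbr_log(LOG_BEFORE_FIX), parse_aswmbr_log(LOG_AFTER_FIX)
    print("before FIXMBR:", assess(before) or "no findings")
    print("FIXMBR applied:", parse_aswmbr_log(LOG_FIXMBR)[0].mbr_fixed)
    print("after FIXMBR:", assess(after) or "no findings")
    print("partition table unchanged by FIXMBR:", partition_tables_match(before, after))
```

Run against the two scans, the first produces one finding (the unknown boot code) and the second none, while the partition tables compare equal, which is the evidence a helper wants that the MBR rewrite touched only the boot code and not the partition layout.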