
PC slowing down, HijackThis log attached


  • This topic is locked
42 replies to this topic

#1 jac335

jac335

  • Members
  • 59 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 20 January 2011 - 09:54 PM

Hello,

Recently my PC has become really slow over the last couple of weeks, especially with web pages. Sites like YouTube and Hulu are pretty much unusable at this point. I have a HijackThis log from a scan I ran this morning (1/20/11, not sure why the date in the scan says 9/11/10), see below, but I'm not sure what it's telling me.

Can anyone help?

-JC




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:39 PM, on 9/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15438&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100811202332.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKLM\..\RunOnce: [Skype 4.2 Upgrade Job] "C:\ProgramData\Dell\SkypeUpgrade\SkypeSetupFull(4.2.0.169).exe" "/verysilent" "/nodesktopicon" "/nolaunch" "/nostartup"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0113401284080538) (0113401284080538mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\011340~1.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - c:\program files (x86)\dell datasafe local backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13146 bytes
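Added example for readers working through a log like the one above (this is editor-supplied Python, not code from jac335, BleepingComputer, or Trend Micro's HijackThis): a small triage script that walks HijackThis v2 log lines and pulls out the entries a human reviewer should look at first. The heuristics are the ones a log reader applies by eye: an IE start/search page that does not point at a Microsoft default (the log above has ask.com as the HKCU start page), O1 hosts-file overrides, O2/O3 browser add-ons registered with "(no file)", and O4 autostarts or O23 services whose binary lives in a temp or user-writable directory. The sample log is constructed for the example and mirrors entries from the posted log; every hit is a "look here" prompt, not a verdict (the McAfee installer-cleanup service in C:\Windows\TEMP above is a vendor leftover, for instance). One caveat the script deliberately does not flag: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows file-system redirection hides the native System32 binaries from it, so the many "(file missing)" notes on lsass.exe, spoolsv.exe and friends, and the "Unknown Windows" platform string, are tool limitations rather than findings.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 log format. The entries are modelled on the
# kinds of lines in the posted log (a non-default start page, an orphaned BHO, a
# service binary in TEMP) but are assembled here for the example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15438&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O23 - Service: McAfee Application Installer Cleanup (0113401284080538mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\011340~1.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"""

# Every HJT entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First Windows path ending in an executable-ish extension (surrounding quotes optional).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|sys|cpl))', re.I)
# Directories a standard user can write to; persistence from here deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:temp|tmp|appdata|desktop|downloads)\\", re.I)
# Hosts IE points at out of the box (assumption for the example); anything else was set by software or a person.
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}
PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def page_host(body: str) -> Optional[str]:
    """Host of the URL after '=' in an R0/R1 body, 'about:' for about: pages, None if the value is empty."""
    m = re.search(r"=\s*(\S+)", body)
    if not m:
        return None  # key present but value empty, e.g. "Search,SearchAssistant ="
    url = m.group(1)
    if url.lower().startswith("about:"):
        return "about:"
    m = re.match(r"https?://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else url.lower()


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a reviewer should look at first."""
    findings: List[Finding] = []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank lines
        sec, body = m.group("section"), m.group("body")
        path = PATH_RE.search(body)

        if sec in ("R0", "R1") and any(k in body for k in PAGE_KEYS):
            host = page_host(body)
            if host and host != "about:" and host not in DEFAULT_PAGE_HOSTS:
                findings.append(Finding(sec, f"IE start/search page points at {host}, not a Microsoft default", raw))
        elif sec == "O1":
            findings.append(Finding(sec, "hosts-file override; confirm it was added on purpose", raw))
        elif sec in ("O2", "O3") and "(no file)" in body:
            findings.append(Finding(sec, "orphaned BHO/toolbar registration (DLL missing); removable", raw))
        elif sec in ("O4", "O23") and path and USER_WRITABLE_RE.search(path.group(1)):
            findings.append(Finding(sec, "autostart/service binary in a temp or user-writable directory", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a real log by reading the file into `triage()`; the DDS "Pseudo HJT Report" further down this thread uses different prefixes (mRun:, BHO:, Hosts:) and would need its own line pattern, but the same checks apply.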



#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:51 PM

Posted 26 January 2011 - 01:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 jac335

jac335
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 26 January 2011 - 11:51 PM

Casey,

Thanks for getting back to me. I have not resolved the issue.

As of the last few weeks, my laptop has been very slow, especially websites. Programs take longer to open. Sites like Hulu and YouTube, and any other site with Flash content, take forever to load. In general, everything seems to have slowed down.

Below is the log file generated from the DDS scan. It instructed me to post one of the .txt files (see below) and attach the other one (see attached).

I have a 64-bit version of Windows 7, so I skipped the GMER scan as instructed.

Thank you for your help, I'll wait to hear back from you/someone else.





DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Jake at 23:37:37.40 on Wed 01/26/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2658 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Users\Jake\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101109085553.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {09E90109-A9AA-4980-BCEF-76F8D924E902}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101109085553.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
IE-X64: {09E90109-A9AA-4980-BCEF-76F8D924E902}
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\jqdt0pf4.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jake\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 283360]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-1-5 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-8-7 89600]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-7 13336]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-7 149032]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-7 689472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-7 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-8-7 20984]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-7 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-7 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-7 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-7 271872]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 441328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-21 1038088]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 94864]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-7 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-7 325152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-17 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-7 355440]

=============== Created Last 30 ================

2011-01-19 05:18:46 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-01-19 04:11:02 -------- d-----w- C:\Users\Jake\AppData\Roaming\Malwarebytes
2011-01-19 04:10:55 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 04:10:55 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-19 04:10:50 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-19 04:10:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-18 02:35:14 -------- d-----w- C:\Users\Jake\AppData\Roaming\Roxio Log Files
2011-01-17 22:02:43 -------- d-----w- C:\BywifiShare
2011-01-17 22:02:43 -------- d-----w- C:\BywifiSave
2011-01-17 22:02:38 -------- d-----w- C:\Program Files (x86)\Bywifi
2011-01-12 04:21:23 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 04:21:23 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 04:21:23 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 04:21:22 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 04:21:22 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 04:21:22 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 04:21:22 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 04:21:22 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 04:21:22 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 04:21:22 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-03 21:25:03 176488 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin

==================== Find3M ====================

2010-12-02 03:35:18 4280320 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2010-11-12 23:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

============= FINISH: 23:38:41.49 ===============

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:51 PM

Posted 27 January 2011 - 10:50 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========



Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Right click it and run as admin & follow the prompts.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 jac335

jac335
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 28 January 2011 - 12:09 AM

thcbytes,

Thanks for the response. Here are the Combofix and TDSSkiller logs. TDSSkiller said it found 0 malicious objects, not sure what to make of that.

Thanks for your help, I'll wait for your reply.

ComboFix 11-01-24.01 - Jake 01/27/2011 23:55:52.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2402 [GMT -5:00]
Running from: c:\users\Jake\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-28 )))))))))))))))))))))))))))))))
.

2011-01-28 04:59 . 2011-01-28 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-19 05:18 . 2011-01-22 23:36 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-01-19 04:11 . 2011-01-19 04:11 -------- d-----w- c:\users\Jake\AppData\Roaming\Malwarebytes
2011-01-19 04:10 . 2011-01-19 04:10 -------- d-----w- c:\programdata\Malwarebytes
2011-01-19 04:10 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 04:10 . 2011-01-19 04:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-19 04:10 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 02:35 . 2011-01-18 02:35 -------- d-----w- c:\users\Jake\AppData\Roaming\Roxio Log Files
2011-01-17 22:02 . 2011-01-19 05:08 -------- d-----w- C:\BywifiShare
2011-01-17 22:02 . 2011-01-17 22:02 -------- d-----w- C:\BywifiSave
2011-01-17 22:02 . 2011-01-19 05:25 -------- d-----w- c:\program files (x86)\Bywifi
2011-01-12 04:21 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 04:21 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 04:21 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 04:21 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 04:21 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 04:21 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 04:21 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 04:21 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 04:21 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 04:21 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-08 16:34 . 2011-01-08 16:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-01-03 21:25 . 2011-01-03 21:25 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-12 23:53 . 2010-10-15 01:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-16 03:30 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 03:30 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 03:30 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 03:30 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 03:30 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 03:30 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 03:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 03:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-16 03:30 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 03:30 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-16 03:30 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-16 03:30 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 03:30 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 03:30 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 03:30 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 03:30 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 03:30 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 03:30 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-22 1038088]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 94864]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 283360]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 75032]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 62800]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-03-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 441328]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1471241226-755212353-2797023242-1001Core.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 23:48]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1471241226-755212353-2797023242-1001UA.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 23:48]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902}
FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\jqdt0pf4.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-28 00:01:26
ComboFix-quarantined-files.txt 2011-01-28 05:01
ComboFix2.txt 2011-01-28 04:50

Pre-Run: 222,553,808,896 bytes free
Post-Run: 222,491,721,728 bytes free

- - End Of File - - 7040013F422D96E4A4764081975DAD8F

2011/01/28 00:07:02.0774 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 00:07:02.0774 ================================================================================
2011/01/28 00:07:02.0774 SystemInfo:
2011/01/28 00:07:02.0774
2011/01/28 00:07:02.0774 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/28 00:07:02.0774 Product type: Workstation
2011/01/28 00:07:02.0774 ComputerName: JAKE-PC
2011/01/28 00:07:02.0775 UserName: Jake
2011/01/28 00:07:02.0775 Windows directory: C:\Windows
2011/01/28 00:07:02.0775 System windows directory: C:\Windows
2011/01/28 00:07:02.0776 Running under WOW64
2011/01/28 00:07:02.0776 Processor architecture: Intel x64
2011/01/28 00:07:02.0776 Number of processors: 4
2011/01/28 00:07:02.0776 Page size: 0x1000
2011/01/28 00:07:02.0776 Boot type: Normal boot
2011/01/28 00:07:02.0776 ================================================================================
2011/01/28 00:07:03.0134 Initialize success
2011/01/28 00:07:04.0400 ================================================================================
2011/01/28 00:07:04.0400 Scan started
2011/01/28 00:07:04.0400 Mode: Manual;
2011/01/28 00:07:04.0400 ================================================================================
2011/01/28 00:07:05.0093 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/28 00:07:05.0274 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/28 00:07:05.0378 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/28 00:07:05.0511 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/01/28 00:07:05.0738 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/28 00:07:05.0844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/28 00:07:05.0959 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/28 00:07:06.0139 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/01/28 00:07:06.0253 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/28 00:07:06.0406 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/28 00:07:06.0528 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/28 00:07:06.0631 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/28 00:07:06.0744 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/28 00:07:43.0573 ================================================================================
2011/01/28 00:07:43.0573 Scan finished
2011/01/28 00:07:43.0573 ================================================================================

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 28 January 2011 - 01:07 PM

Well done. I am not seeing much. Let's look in a few more places and try a few things...

Your hard disk displays errors - Let's fix that!

  • Press the Windows Logo Key + R simultaneously
  • Copy/paste chkdsk /f in the run box then click OK
  • Reboot
  • Allow the utility to run

==========

You may have corrupt critical system files. Let's see if we can fix that.
  • Select Posted Image
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Copy & paste sfc /scannow in the command window and press enter.
    • Be patient because the scan may take some time.
    • When that has completed then we need to create a logfile.
  • Repeat the process but this time copy & paste findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt in the command window and press Enter.

    Note: This will place a sfcdetails.txt file on your desktop with the SFC scan details from the CBS.LOG. Please copy and paste that log into your next reply.

==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
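As an added example (not code from thcbytes' post or from any tool named in the thread), the PowerShell below reads the sfcdetails.txt that the findstr step produces and reports which files SFC could not repair, which is the part of that log a helper needs to see. It assumes the file sits on the desktop as in the instructions; the sample [SR] lines it falls back to are constructed.

```powershell
# Added example, not code from the thread. Summarises the [SR] lines that the
# findstr step writes to sfcdetails.txt, so the reader can tell whether SFC
# repaired everything or left files it could not fix. The log path is assumed
# to be the desktop location used in the instructions; the sample lines below
# are constructed for offline use and are not from this PC.

# Constructed sample [SR] lines in the CBS.log layout, used only when no real
# sfcdetails.txt is present.
$SampleLines = @(
    '2011-01-29 10:02:11, Info  CSI  0000002a [SR] Verifying 100 (0x0000000000000064) components',
    '2011-01-29 10:02:15, Info  CSI  0000002b [SR] Beginning Verify and Repair transaction',
    '2011-01-29 10:03:40, Info  CSI  000000c1 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch',
    '2011-01-29 10:03:41, Info  CSI  000000c2 [SR] Repairing corrupted file [l:24{12}]"example2.sys" from store',
    '2011-01-29 10:03:42, Info  CSI  000000c3 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch',
    '2011-01-29 10:05:00, Info  CSI  000000f0 [SR] Verify complete'
)

function Get-SfcSummary {
    param([Parameter(Mandatory)][string[]]$Lines)

    # Only [SR] entries are SFC's own verify/repair records.
    $sr = @($Lines | Where-Object { $_ -match '\[SR\]' })

    # Files SFC flagged but could not restore from the component store;
    # the file name sits in the [l:NN{NN}]"name" token after the message.
    $unrepairable = foreach ($line in $sr) {
        if ($line -match '\[SR\] Cannot repair member file .*?\[l:\d+\{\d+\}\]"([^"]+)"') {
            $Matches[1]
        }
    }

    # Files SFC did restore ("Repairing corrupted file" / "Repaired file").
    $repaired = @($sr | Where-Object { $_ -match '\[SR\] Repair(ing|ed) ' })

    [pscustomobject]@{
        SrLines        = $sr.Count
        VerifyComplete = @($sr | Where-Object { $_ -match '\[SR\] Verify complete' }).Count -gt 0
        RepairedLines  = $repaired.Count
        CannotRepair   = @($unrepairable | Sort-Object -Unique)
    }
}

# Desktop location from the instructions; fall back to the constructed sample.
$LogPath = Join-Path $env:USERPROFILE 'Desktop\sfcdetails.txt'
$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath } else { $SampleLines }

$summary = Get-SfcSummary -Lines $lines
$summary | Format-List

if (-not $summary.VerifyComplete) {
    Write-Warning 'No "[SR] Verify complete" entry: the scan did not finish, rerun sfc /scannow.'
} elseif ($summary.CannotRepair.Count -gt 0) {
    Write-Warning ('SFC could not repair {0} file(s): {1}' -f $summary.CannotRepair.Count, ($summary.CannotRepair -join ', '))
} else {
    Write-Output 'SFC found no files it could not repair.'
}
```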

#7 jac335

jac335
  • Topic Starter

  • Members
  • 59 posts

Posted 29 January 2011 - 05:43 PM

thcbytes,

Here are the logs from the latest scan. When running MBRcheck, I received a message saying "nonstandard or infected MBR", which hopefully means something to you (it's all Greek to me). It told me to press enter or N (for NO). I pressed enter, but nothing happened, so I closed the program. I opened the log file, which is pasted below.

Thanks again for your help, it's very much appreciated.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N5010
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 198):
0x02FCD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02FE8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E68000 \SystemRoot\System32\drivers\discache.sys
0x02E77000 \SystemRoot\System32\Drivers\dfsc.sys
0x02E95000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02EA6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04A0E000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x044E9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04446000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04457000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04468000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x044BE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x058ED000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x05BDC000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05851000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0586F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x058BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x058C0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x058CF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x058DE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0438A000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x05BE9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05BF2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x045DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x053E7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x043B1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x043C7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x045F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0402F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x015C4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x015E5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05BF7000 \SystemRoot\system32\DRIVERS\bcmvwl64.sys
0x058EB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00DBA000 \SystemRoot\system32\DRIVERS\ks.sys
0x02ECC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04611000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0466B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04680000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x046FF000 \SystemRoot\system32\DRIVERS\portcls.sys
0x0473C000 \SystemRoot\system32\DRIVERS\drmk.sys
0x0475E000 \SystemRoot\system32\drivers\ksthunk.sys
0x04764000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x047AB000 \SystemRoot\system32\drivers\mfeavfk.sys
0x05EEB000 \SystemRoot\system32\drivers\mfefirek.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x05F55000 \SystemRoot\System32\drivers\Dxapi.sys
0x05F61000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05F6F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05F8C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05FA7000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05FD5000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x05E00000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05E0E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05E27000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05E30000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05E3D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x0404A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05E4B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00760000 \SystemRoot\System32\cdd.dll
0x00860000 \SystemRoot\System32\ATMFD.DLL
0x05E5E000 \SystemRoot\system32\drivers\luafv.sys
0x05E81000 \SystemRoot\system32\drivers\WudfPf.sys
0x05EA2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0281E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02871000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02884000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0289C000 \SystemRoot\system32\drivers\HTTP.sys
0x02964000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02982000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0299A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x029C7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02800000 \SystemRoot\System32\Drivers\adfs.SYS
0x03AD7000 \SystemRoot\system32\drivers\peauth.sys
0x03B7D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03B88000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03BB5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03A00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0609B000 \SystemRoot\System32\DRIVERS\srv.sys
0x06131000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x0613A000 \SystemRoot\system32\drivers\cfwids.sys
0x06148000 \SystemRoot\system32\drivers\mfeapfk.sys
0x06164000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76DB0000 \Windows\System32\ntdll.dll
0x47F70000 \Windows\System32\smss.exe
0xFF0D0000 \Windows\System32\apisetschema.dll
0xFF5A0000 \Windows\System32\autochk.exe
0xFF020000 \Windows\System32\clbcatq.dll
0xFEFB0000 \Windows\System32\gdi32.dll
0xFEF80000 \Windows\System32\imm32.dll
0xFEF60000 \Windows\System32\sechost.dll
0xFEF10000 \Windows\System32\Wldap32.dll
0x76CB0000 \Windows\System32\user32.dll
0xFEF00000 \Windows\System32\lpk.dll
0xFECA0000 \Windows\System32\iertutil.dll
0x76F80000 \Windows\System32\psapi.dll
0xFEBD0000 \Windows\System32\usp10.dll
0xFEAA0000 \Windows\System32\wininet.dll
0xFE8C0000 \Windows\System32\setupapi.dll
0xFE7E0000 \Windows\System32\oleaut32.dll
0xFE5D0000 \Windows\System32\ole32.dll
0x76B90000 \Windows\System32\kernel32.dll
0xFE580000 \Windows\System32\ws2_32.dll
0xFE450000 \Windows\System32\rpcrt4.dll
0xFE3D0000 \Windows\System32\shlwapi.dll
0xFE3B0000 \Windows\System32\imagehlp.dll
0xFD620000 \Windows\System32\shell32.dll
0x76F70000 \Windows\System32\normaliz.dll
0xFD540000 \Windows\System32\advapi32.dll
0xFD4A0000 \Windows\System32\msvcrt.dll
0xFD400000 \Windows\System32\comdlg32.dll
0xFD3F0000 \Windows\System32\nsi.dll
0xFD270000 \Windows\System32\urlmon.dll
0xFD1F0000 \Windows\System32\difxapi.dll
0xFD0E0000 \Windows\System32\msctf.dll
0xFD0C0000 \Windows\System32\devobj.dll
0xFD020000 \Windows\System32\comctl32.dll
0xFCEB0000 \Windows\System32\crypt32.dll
0xFCE40000 \Windows\System32\KernelBase.dll
0xFCE00000 \Windows\System32\cfgmgr32.dll
0xFCDC0000 \Windows\System32\wintrust.dll
0xFCDB0000 \Windows\System32\msasn1.dll
0x76270000 \Windows\SysWOW64\normaliz.dll

Processes (total 84):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
524 csrss.exe
608 C:\Windows\System32\wininit.exe
628 csrss.exe
664 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
700 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
356 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe
892 C:\Windows\System32\svchost.exe
1056 C:\Program Files\Dell\DellDock\DockLogin.exe
1112 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\winlogon.exe
1228 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
1236 C:\Windows\System32\wlanext.exe
1244 C:\Windows\System32\conhost.exe
1316 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
1420 C:\Windows\System32\spoolsv.exe
1448 C:\Windows\System32\svchost.exe
1700 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
1728 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1860 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1888 C:\Windows\System32\svchost.exe
1920 C:\Windows\SysWOW64\svchost.exe
2004 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2028 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
1052 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\svchost.exe
1780 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2076 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2172 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2340 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
2376 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2492 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2584 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2644 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
2136 C:\Windows\System32\svchost.exe
3076 C:\Windows\System32\svchost.exe
3608 WmiPrvSE.exe
3680 C:\Windows\System32\SearchIndexer.exe
3728 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
1912 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
2800 C:\Program Files\Windows Media Player\wmpnetwk.exe
3760 C:\Windows\servicing\TrustedInstaller.exe
4052 C:\Windows\System32\taskhost.exe
728 C:\Windows\System32\dwm.exe
3180 C:\Windows\explorer.exe
3764 C:\Program Files\IDT\WDM\sttray64.exe
3940 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1220 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
3868 C:\Windows\System32\igfxtray.exe
4000 C:\Windows\System32\hkcmd.exe
1500 C:\Windows\System32\igfxpers.exe
4144 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
4392 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
4432 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4452 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4504 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
4512 C:\Program Files\mcafee.com\agent\mcagent.exe
4520 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
4608 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
4724 C:\Windows\System32\svchost.exe
5072 C:\Windows\System32\svchost.exe
4412 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4748 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4720 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4980 dllhost.exe
5880 C:\Users\Jake\AppData\Local\Google\Chrome\Application\chrome.exe
4756 C:\Users\Jake\AppData\Local\Google\Chrome\Application\chrome.exe
5632 C:\Windows\System32\taskeng.exe
3988 C:\Windows\System32\SearchProtocolHost.exe
5972 C:\Windows\System32\SearchFilterHost.exe
5280 C:\Users\Jake\AppData\Local\Google\Chrome\Application\chrome.exe
5860 C:\Windows\System32\audiodg.exe
3928 dllhost.exe
4904 dllhost.exe
4864 C:\Users\Jake\Desktop\MBRCheck.exe
3424 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afd00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3265GSX, Rev: GJ002D
PhysicalDrive1 Model Number: Maxtor2, Rev: 0344

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: FDDCA5E0C8B6CE20A905CF4F023347B822E0808A
149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:




2011-01-29 13:33:26, Info CSI 0000020c [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:33:26, Info CSI 0000020d [SR] Beginning Verify and Repair transaction
2011-01-29 13:33:32, Info CSI 00000232 [SR] Verify complete
2011-01-29 13:33:32, Info CSI 00000233 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:33:32, Info CSI 00000234 [SR] Beginning Verify and Repair transaction
2011-01-29 13:33:36, Info CSI 00000236 [SR] Verify complete
2011-01-29 13:33:37, Info CSI 00000237 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:33:37, Info CSI 00000238 [SR] Beginning Verify and Repair transaction
2011-01-29 13:33:42, Info CSI 0000023a [SR] Verify complete
2011-01-29 13:33:42, Info CSI 0000023b [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:33:42, Info CSI 0000023c [SR] Beginning Verify and Repair transaction
2011-01-29 13:33:47, Info CSI 0000024a [SR] Verify complete
2011-01-29 13:33:47, Info CSI 0000024b [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:33:47, Info CSI 0000024c [SR] Beginning Verify and Repair transaction
2011-01-29 13:33:55, Info CSI 0000024e [SR] Verify complete
2011-01-29 13:33:56, Info CSI 0000024f [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:33:56, Info CSI 00000250 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:01, Info CSI 0000025e [SR] Verify complete
2011-01-29 13:34:02, Info CSI 0000025f [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:02, Info CSI 00000260 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:05, Info CSI 00000262 [SR] Verify complete
2011-01-29 13:34:06, Info CSI 00000263 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:06, Info CSI 00000264 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:09, Info CSI 00000266 [SR] Verify complete
2011-01-29 13:34:09, Info CSI 00000267 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:09, Info CSI 00000268 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:15, Info CSI 0000026a [SR] Verify complete
2011-01-29 13:34:15, Info CSI 0000026b [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:15, Info CSI 0000026c [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:17, Info CSI 0000026e [SR] Verify complete
2011-01-29 13:34:17, Info CSI 0000026f [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:17, Info CSI 00000270 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:23, Info CSI 00000272 [SR] Verify complete
2011-01-29 13:34:23, Info CSI 00000273 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:23, Info CSI 00000274 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:27, Info CSI 00000276 [SR] Verify complete
2011-01-29 13:34:28, Info CSI 00000277 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:28, Info CSI 00000278 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:33, Info CSI 0000027a [SR] Verify complete
2011-01-29 13:34:34, Info CSI 0000027b [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:34, Info CSI 0000027c [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:41, Info CSI 00000296 [SR] Verify complete
2011-01-29 13:34:41, Info CSI 00000297 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:41, Info CSI 00000298 [SR] Beginning Verify and Repair transaction
2011-01-29 13:34:59, Info CSI 0000029a [SR] Verify complete
2011-01-29 13:34:59, Info CSI 0000029b [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:34:59, Info CSI 0000029c [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:04, Info CSI 0000029e [SR] Verify complete
2011-01-29 13:35:04, Info CSI 0000029f [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:04, Info CSI 000002a0 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:08, Info CSI 000002a2 [SR] Verify complete
2011-01-29 13:35:08, Info CSI 000002a3 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:08, Info CSI 000002a4 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:11, Info CSI 000002a8 [SR] Verify complete
2011-01-29 13:35:12, Info CSI 000002a9 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:12, Info CSI 000002aa [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:16, Info CSI 000002ac [SR] Verify complete
2011-01-29 13:35:16, Info CSI 000002ad [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:16, Info CSI 000002ae [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:21, Info CSI 000002b0 [SR] Verify complete
2011-01-29 13:35:21, Info CSI 000002b1 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:21, Info CSI 000002b2 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:25, Info CSI 000002b5 [SR] Verify complete
2011-01-29 13:35:25, Info CSI 000002b6 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:25, Info CSI 000002b7 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:29, Info CSI 000002b9 [SR] Verify complete
2011-01-29 13:35:29, Info CSI 000002ba [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:29, Info CSI 000002bb [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:33, Info CSI 000002bd [SR] Verify complete
2011-01-29 13:35:34, Info CSI 000002be [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:34, Info CSI 000002bf [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:38, Info CSI 000002c1 [SR] Verify complete
2011-01-29 13:35:38, Info CSI 000002c2 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:38, Info CSI 000002c3 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:43, Info CSI 000002c6 [SR] Verify complete
2011-01-29 13:35:44, Info CSI 000002c7 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:44, Info CSI 000002c8 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:46, Info CSI 000002ca [SR] Verify complete
2011-01-29 13:35:47, Info CSI 000002cb [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:47, Info CSI 000002cc [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:53, Info CSI 000002ce [SR] Verify complete
2011-01-29 13:35:53, Info CSI 000002cf [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:53, Info CSI 000002d0 [SR] Beginning Verify and Repair transaction
2011-01-29 13:35:57, Info CSI 000002d2 [SR] Verify complete
2011-01-29 13:35:58, Info CSI 000002d3 [SR] Verifying 100 (0x0000000000000064) components
2011-01-29 13:35:58, Info CSI 000002d4 [SR] Beginning Verify and Repair transaction
2011-01-29 13:36:03, Info CSI 000002d6 [SR] Verify complete
2011-01-29 13:36:03, Info CSI 000002d7 [SR] Verifying 38 (0x0000000000000026) components
2011-01-29 13:36:03, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2011-01-29 13:36:04, Info CSI 000002da [SR] Verify complete
2011-01-29 13:36:04, Info CSI 000002db [SR] Repairing 0 components
2011-01-29 13:36:04, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2011-01-29 13:36:04, Info CSI 000002de [SR] Repair complete


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5635

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/29/2011 2:05:47 PM
mbam-log-2011-01-29 (14-05-47).txt

Scan type: Quick scan
Objects scanned: 160576
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 29 January 2011 - 10:36 PM

The MbrCheck finding might actually be normal. I need you to do this to find out if the Mbr is actually infected.

I would like to get a copy of your MBR as a backup and for future examination.

You will need a USB drive. Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?) - please note that if you do not see sbd1 simply remove then replace the USB while xPud is running and it will then appear!
  • Press Tool at the top
  • Choose Open Terminal
  • Type dd if=/dev/sda of=MBRbackup.zip bs=512 count=1
  • Press Enter
  • After it has finished a report will be located on your USB drive named MBRbackup.zip
  • Remove the USB drive and insert back in your working computer and navigate to MBRbackup.zip

    Please note - all text entries are case sensitive

Attach the MBRbackup.zip to your next reply.

What about the ESET scan? Were there any detections?

Thanks,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
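A way to sanity-check the MBRbackup.zip produced by the dd step above, as an added example that is not part of this thread or the helper's instructions: dd with bs=512 count=1 writes the raw first sector of the disk whatever the file is named, so the file can be parsed directly to confirm the 0x55AA boot signature, list the partition entries, and hash the 446-byte boot-code region for comparison with a known-good copy. The sample sector, its partition layout and the file name are constructed for the example, not taken from the machine in the thread.

```python
import hashlib
import struct
from pathlib import Path

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes of boot code before the partition table
PARTITION_TABLE_OFF = 446    # 4 entries x 16 bytes follow the boot code
BOOT_SIGNATURE = b"\x55\xaa"


def constructed_mbr() -> bytes:
    """Constructed sample sector (not from the thread): a short boot stub,
    one active NTFS partition starting at LBA 2048, and the 0x55AA signature."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR: signature, boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0:            # empty slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80,
                           "type": ptype, "start_lba": lba, "sectors": count})
    return {
        "signature_ok": sector[SECTOR_SIZE - 2:] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def bootcode_differs(sector_a: bytes, sector_b: bytes) -> bool:
    """True if the boot-code region differs between two sectors, e.g. the backup
    taken now versus a known-good copy from the same installation."""
    return sector_a[:BOOT_CODE_LEN] != sector_b[:BOOT_CODE_LEN]


def load_sector(path: str) -> bytes:
    """Read the raw first sector from the dd output (assumed path, first 512 bytes)."""
    return Path(path).read_bytes()[:SECTOR_SIZE]


if __name__ == "__main__":
    info = parse_mbr(constructed_mbr())
    print("signature ok:", info["signature_ok"])
    print("boot code sha256:", info["bootcode_sha256"])
    for p in info["partitions"]:
        print(f"slot {p['slot']}: type 0x{p['type']:02x} bootable={p['bootable']} "
              f"start={p['start_lba']} sectors={p['sectors']}")
```

Run against the real backup with `parse_mbr(load_sector("MBRbackup.zip"))`; a missing signature, an unexpected partition type or a boot-code hash that differs from a trusted copy is what warrants a closer look.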

#9 jac335

  • Topic Starter
  • Members
  • 59 posts

Posted 31 January 2011 - 09:51 PM

I need a "clean computer" for this next step?

And by formatting my USB drive, won't that erase what's on it?

#10 jac335

  • Topic Starter
  • Members
  • 59 posts

Posted 31 January 2011 - 09:53 PM

thcbytes,

No, there were no detections using ESET.

I'll have to use the computer at work as my "clean computer", so hopefully I can do that tomorrow.

Thanks for your help

#11 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 01 February 2011 - 10:21 AM

Sorry. You're right. You can use your "infected" computer. And yes...if you have anything important on that flash drive then move it over to the computer 1st. :thumbup2:

#12 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 03 February 2011 - 05:39 PM

Do you still desire help?

#13 jac335

  • Topic Starter
  • Members
  • 59 posts

Posted 04 February 2011 - 09:41 AM

thcbytes,

Sorry for the delay.

I tried to reboot my computer using the USB, but a black screen came up saying only "NTLDR Missing - Press Alt-Ctrl-DEL to restart"

I installed the xPUD onto the USB as instructed, and placed the driver.sh on there as well (is there any specific place I should put it on the USB?). Do you know what "missing NTLDR" might mean?

Thanks for your help

#14 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 04 February 2011 - 05:39 PM

Could you please list for me the contents of the USB.

#15 jac335

  • Topic Starter
  • Members
  • 59 posts

Posted 05 February 2011 - 01:24 PM

thc,

Sure, here are the contents of the USB. In the root directory, there are 2 folders: "boot" and "opt", there are 2 files "syslinux.cfg" and "vesamenu.c32", these were all created from the xPUD installer (I think). There is also the "driver.sh" file that I was instructed to put onto that drive, so in total, 2 folders and 3 files in the main USB drive folder.

Should I re-format the drive and attempt the xPUD process again?

Thanks for your help
