Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Combofix now no wireless


  • This topic is locked This topic is locked
5 replies to this topic

#1 twistidphreak

twistidphreak

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 09 March 2011 - 01:48 PM

I had a virus on my computer and took it to a IT friend and he recently used Combofix to remove malware from my laptop. It worked great except my wireless connection will not find any connections. Please help thank you.

Acer Aspire One D250
Windows 7
Atheros AR5B95 Wireless Network Adapter

When I run a scan with GMER.exe I get a blue screen.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Phreak at 14:50:00.79 on Mon 03/07/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.146 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CrazyRemote\CrazyRemoteServer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Registration\GregHSRW.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Phreak\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b501104725l0304ww55w4862377r
uInternet Settings,ProxyServer = http=127.0.0.1:18810
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110302113734.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAQQBKAEMAMgAtAE8AMwBFADcANwAtAEsAUgBSAFEAQQAtAEgARQBaAEQAUAAtAFIARQBNAEIAUgA"&"inst=NwA2AC0ANwAxADkAOQAxADYAMgA5ADMALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBTAFQAMQArADIALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AA"&"prod=53"&"ver=9.0.872
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-2 386840]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-2 164840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-2 64304]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 CrazyRemoteServer;CrazyRemoteServer;c:\program files\crazyremote\CrazyRemoteServer.exe [2010-12-15 217600]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-18 727584]
R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-6-4 1150496]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-2 55840]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-2 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-2 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-2 313288]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-7 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-2 84264]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-18 167424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
.
=============== Created Last 30 ================
.
2011-03-07 18:56:26 -------- d-----w- c:\users\phreak\appdata\roaming\Malwarebytes
2011-03-07 18:55:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 18:55:51 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 18:55:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 18:55:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 23:57:32 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-06 23:21:34 98816 ----a-w- c:\windows\sed.exe
2011-03-06 23:21:34 89088 ----a-w- c:\windows\MBR.exe
2011-03-06 23:21:34 256512 ----a-w- c:\windows\PEV.exe
2011-03-06 23:21:34 161792 ----a-w- c:\windows\SWREG.exe
2011-03-03 21:14:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-02 22:59:45 -------- d-----w- c:\users\phreak\appdata\local\Panda Security
2011-03-02 22:57:13 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2011-03-02 22:55:00 -------- d-----w- c:\windows\system32\PAV
2011-03-02 22:54:59 -------- d-----w- c:\users\phreak\appdata\roaming\Panda Security
2011-03-02 16:40:29 -------- d-----w- c:\program files\SiteAdvisor
2011-03-02 15:43:10 -------- d-----w- c:\windows\pss
2011-03-02 15:33:56 -------- d-----w- c:\progra~2\Backup
2011-03-02 15:32:20 -------- d-----w- c:\program files\Panda Security
2011-03-02 15:32:20 -------- d-----w- c:\progra~2\Panda Security
2011-03-02 15:31:38 -------- d-----w- c:\program files\common files\Panda Security
2011-03-01 19:58:08 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-03-01 14:44:51 5943120 ------w- c:\progra~2\microsoft\windows defender\definition updates\{d582270a-f429-474a-9d88-65c1e99e17c6}\mpengine.dll
2011-02-25 22:12:53 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-25 22:00:52 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-25 21:57:44 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-02-25 21:57:24 -------- d-----w- c:\windows\SHELLNEW
2011-02-25 15:35:51 -------- d-----w- c:\program files\PowerISO
2011-02-25 06:00:05 5943120 ------w- c:\progra~2\microsoft\windows defender\definition updates\updates\mpengine.dll
2011-02-24 20:47:44 -------- d-----w- c:\progra~2\Geek Squad
2011-02-24 00:18:35 -------- d-----w- c:\users\phreak\appdata\roaming\AVG10
2011-02-23 23:33:38 -------- d--h--w- c:\progra~2\Common Files
2011-02-23 23:30:00 -------- d-----w- c:\progra~2\AVG10
2011-02-23 23:25:13 -------- d-----w- c:\progra~2\MFAData
2011-02-23 22:37:15 -------- d-----w- c:\program files\Oceanis
2011-02-23 20:49:11 -------- d-----w- c:\windows\system32\SPReview
2011-02-23 20:44:01 -------- d-----w- c:\windows\system32\EventProviders
2011-02-23 20:32:50 458752 ----a-w- c:\windows\system32\WSDApi.dll
2011-02-23 20:32:49 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-23 20:32:48 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-23 20:32:42 1548288 ----a-w- c:\windows\system32\tquery.dll
2011-02-23 20:32:41 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-02-23 20:32:40 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-02-23 20:32:39 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-02-23 20:32:39 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-02-23 20:32:03 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-02-23 20:32:03 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-02-23 20:32:02 146432 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-23 20:30:47 80720 ----a-w- c:\windows\system32\mscories.dll
2011-02-23 20:29:59 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-23 20:28:59 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-02-23 20:27:59 850432 ----a-w- c:\windows\system32\sbe.dll
2011-02-23 20:26:59 246272 ----a-w- c:\windows\system32\scansetting.dll
2011-02-23 20:25:56 318976 ----a-w- c:\windows\system32\raschap.dll
2011-02-23 20:24:59 69120 ----a-w- c:\windows\system32\ntlanman.dll
2011-02-23 20:23:59 8192 ----a-w- c:\windows\system32\spwmp.dll
2011-02-23 20:22:54 373248 ----a-w- c:\program files\internet explorer\ieinstal.exe
2011-02-23 20:21:58 593408 ----a-w- c:\windows\system32\gpsvc.dll
2011-02-23 20:20:59 56832 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-02-23 20:19:59 41984 ----a-w- c:\windows\system32\browcli.dll
2011-02-23 19:51:27 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-23 10:39:47 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 10:39:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 03:21:35 94208 ----a-w- c:\windows\system32\vbalIml6.ocx
2011-02-23 03:21:35 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2011-02-23 03:21:35 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-02-23 03:21:35 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2011-02-23 03:21:35 118784 ----a-w- c:\windows\system32\ScreenSource.ax
2011-02-22 22:54:24 -------- d-----w- c:\users\phreak\appdata\local\Yahoo
2011-02-22 22:42:31 -------- d-----w- c:\program files\Yahoo!
2011-02-09 21:29:17 -------- d-----w- c:\program files\iPod
2011-02-09 08:03:45 -------- d-----w- C:\6c3bc8152ef2fdd5e3d7ee7e36
2011-02-09 04:58:16 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 04:58:14 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 04:58:11 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 04:57:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-09 04:57:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 04:57:44 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 04:57:43 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-09 04:57:26 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-09 04:57:26 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-09 04:57:25 107520 ----a-w- c:\windows\system32\cdd.dll
.
==================== Find3M ====================
.
2011-03-02 16:40:56 0 ----a-w- c:\windows\system32\k.dll
2011-02-23 21:28:14 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-16 02:01:33 2516 --sha-w- c:\progra~2\KGyGaAvL.sys
2011-01-15 21:38:24 8 --sh--r- c:\progra~2\DA027A8D26.sys
2010-12-16 15:53:18 155136 ----a-w- c:\windows\system32\AI_ContextMenu.dll
.
============= FINISH: 14:55:43.04 ===============

Here is my COMBOFIX LOG

ComboFix 11-03-06.01 - Phreak 03/06/2011 18:25:34.1.2 - x86 NETWORK
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.412 [GMT -5:00]
Running from: c:\users\Phreak\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\system
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_EapHost
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-03-06 23:41 . 2011-03-06 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-03 21:17 . 2011-03-03 21:17 -------- d-----w- c:\program files\Common Files\Java
2011-03-03 21:14 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-02 22:59 . 2011-03-02 22:59 -------- d-----w- c:\users\Phreak\AppData\Local\Panda Security
2011-03-02 22:57 . 2011-03-02 22:57 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2011-03-02 22:55 . 2011-03-02 22:55 -------- d-----w- c:\windows\system32\PAV
2011-03-02 22:54 . 2011-03-02 22:54 -------- d-----w- c:\users\Phreak\AppData\Roaming\Panda Security
2011-03-02 16:40 . 2011-03-02 16:42 -------- d-----w- c:\program files\SiteAdvisor
2011-03-02 15:33 . 2011-03-02 15:33 -------- d-----w- c:\programdata\Backup
2011-03-02 15:32 . 2011-03-03 19:17 -------- d-----w- c:\programdata\Panda Security
2011-03-02 15:32 . 2011-03-02 22:55 -------- d-----w- c:\program files\Panda Security
2011-03-02 15:31 . 2011-03-02 22:54 -------- d-----w- c:\program files\Common Files\Panda Security
2011-03-01 19:58 . 2011-03-03 22:30 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-01 14:44 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D582270A-F429-474A-9D88-65C1E99E17C6}\mpengine.dll
2011-02-25 22:12 . 2011-02-25 22:12 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-25 22:08 . 2011-02-25 22:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-25 22:00 . 2011-02-25 22:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-25 21:57 . 2011-02-25 21:57 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-02-25 21:57 . 2011-02-25 22:12 -------- d-----w- c:\windows\SHELLNEW
2011-02-25 21:51 . 2011-02-25 21:51 -------- d-----r- C:\MSOCache
2011-02-25 15:35 . 2011-02-25 15:35 -------- d-----w- c:\program files\PowerISO
2011-02-24 20:47 . 2011-02-24 20:47 -------- d-----w- c:\programdata\Geek Squad
2011-02-24 00:18 . 2011-02-24 04:04 -------- d-----w- c:\users\Phreak\AppData\Roaming\AVG10
2011-02-23 23:33 . 2011-02-23 23:33 -------- d--h--w- c:\programdata\Common Files
2011-02-23 23:30 . 2011-02-24 01:46 -------- d-----w- c:\programdata\AVG10
2011-02-23 23:25 . 2011-02-24 02:21 -------- d-----w- c:\programdata\MFAData
2011-02-23 22:37 . 2011-02-25 08:49 -------- d-----w- c:\program files\Oceanis
2011-02-23 20:49 . 2011-02-23 20:49 -------- d-----w- c:\windows\system32\SPReview
2011-02-23 20:44 . 2011-02-23 20:44 -------- d-----w- c:\windows\system32\EventProviders
2011-02-23 20:32 . 2010-11-20 12:21 458752 ----a-w- c:\windows\system32\WSDApi.dll
2011-02-23 20:32 . 2010-11-05 01:53 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-23 20:32 . 2010-11-05 01:53 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-23 20:32 . 2010-11-20 12:21 1548288 ----a-w- c:\windows\system32\tquery.dll
2011-02-23 20:32 . 2010-11-20 12:19 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-02-23 20:32 . 2010-11-20 12:19 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-02-23 20:32 . 2010-11-20 12:21 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-02-23 20:32 . 2010-11-20 12:19 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-02-23 20:32 . 2010-11-20 12:30 245632 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-02-23 20:32 . 2010-11-20 12:30 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-02-23 20:32 . 2010-11-20 10:00 146432 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-02-23 20:30 . 2010-11-05 01:58 80720 ----a-w- c:\windows\system32\mscories.dll
2011-02-23 20:29 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-23 20:28 . 2010-11-20 12:16 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-02-23 20:27 . 2010-11-20 12:21 755200 ----a-w- c:\windows\system32\sud.dll
2011-02-23 20:26 . 2010-11-20 12:21 246272 ----a-w- c:\windows\system32\scansetting.dll
2011-02-23 20:25 . 2010-11-20 12:21 318976 ----a-w- c:\windows\system32\raschap.dll
2011-02-23 20:24 . 2010-11-20 12:30 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-02-23 20:23 . 2010-11-20 12:20 8192 ----a-w- c:\windows\system32\spwmp.dll
2011-02-23 20:22 . 2010-11-20 12:17 373248 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
2011-02-23 20:21 . 2010-11-20 12:19 593408 ----a-w- c:\windows\system32\gpsvc.dll
2011-02-23 20:20 . 2010-11-20 12:21 56832 ----a-w- c:\windows\system32\vfwwdm32.dll
2011-02-23 20:19 . 2010-11-20 12:18 41984 ----a-w- c:\windows\system32\browcli.dll
2011-02-23 19:51 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-02-23 10:39 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 10:39 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 03:21 . 2011-02-23 03:21 -------- d-----w- c:\users\Phreak\AppData\Roaming\Yahoo!
2011-02-23 03:21 . 2006-10-04 14:22 94208 ----a-w- c:\windows\system32\vbalIml6.ocx
2011-02-23 03:21 . 2006-10-04 14:22 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-02-23 03:21 . 2006-10-04 14:22 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2011-02-23 03:21 . 2005-12-07 21:09 77824 ----a-w- c:\windows\system32\Screen2Video.OCX
2011-02-23 03:21 . 2005-12-07 21:05 118784 ----a-w- c:\windows\system32\ScreenSource.ax
2011-02-22 22:54 . 2011-03-03 22:29 -------- d-----w- c:\users\Phreak\AppData\Local\Yahoo
2011-02-22 22:45 . 2011-02-22 22:46 -------- d-----w- c:\programdata\Yahoo!
2011-02-22 22:42 . 2011-02-23 03:04 -------- d-----w- c:\program files\Yahoo!
2011-02-09 21:29 . 2011-02-09 21:29 -------- d-----w- c:\program files\iPod
2011-02-09 08:03 . 2011-02-09 08:11 -------- d-----w- C:\6c3bc8152ef2fdd5e3d7ee7e36
2011-02-09 04:58 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 04:58 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 04:58 . 2011-01-05 05:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-09 04:57 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-09 04:57 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 04:57 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 04:57 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-02-09 04:57 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-09 04:57 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-09 04:57 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 21:28 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 22:11 . 2010-01-26 00:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-16 02:01 . 2011-01-15 21:38 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2011-01-15 21:38 . 2011-01-15 21:38 8 --sh--r- c:\programdata\DA027A8D26.sys
2010-12-16 15:53 . 2011-01-12 01:36 155136 ----a-w- c:\windows\system32\AI_ContextMenu.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-02 1130504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-18 708608]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-1-18 113664]
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrazyRemote]
2010-12-15 07:32 438200 ----a-w- c:\program files\CrazyRemote\CrazyRemote.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrazyRemoteCommand]
2010-12-15 07:22 39936 ----a-w- c:\program files\CrazyRemote\CrazyRemoteCommand.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-12 84264]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 160128]
R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-11-12 164840]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
S0 spldr;Security Processor Loader Driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-19 691696]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-11-12 64304]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 CrazyRemoteServer;CrazyRemoteServer;c:\program files\CrazyRemote\CrazyRemoteServer.exe [2010-12-15 217600]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 727584]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-11-12 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-12 141792]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-12 55840]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-12 313288]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-13 19968]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
defragsvc REG_MULTI_SZ defragsvc
WerSvcGroup REG_MULTI_SZ wersvc
LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
swprv REG_MULTI_SZ swprv
LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
regsvc REG_MULTI_SZ RemoteRegistry
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
sdrsvc REG_MULTI_SZ sdrsvc
WbioSvcGroup REG_MULTI_SZ WbioSrvc
wcssvc REG_MULTI_SZ WcsPlugInService
AxInstSVGroup REG_MULTI_SZ AxInstSV
secsvcs REG_MULTI_SZ WinDefend
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b501104725l0304ww55w4862377r
uInternet Settings,ProxyServer = http=127.0.0.1:18810
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
SafeBoot-volmgr.sys
SafeBoot-volmgrx.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:45
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:45
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:45
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:45
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 18:46
Windows 6.1.7601 Service Pack 1 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3180)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
c:\program files\PowerISO\PWRISOSH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Acer\Acer ePower Management\ePowerEvent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\mmc.exe
.
**************************************************************************
.
Completion time: 2011-03-06 19:01:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-07 00:01
.
Pre-Run: 9,744,752,640 bytes free
Post-Run: 9,584,238,592 bytes free
.
- - End Of File - - 4089684A9D8E18DB316F38111A17E94F

EDIT: Please be patient. There are over 140 unanswered topics in this forum at present and the current average wait time to receive help is 4 days. ~BP

Edited by Budapest, 13 March 2011 - 11:06 PM.


BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:44 PM

Posted 14 March 2011 - 03:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a log from the RKUnhooker anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Please note that if you are running a 64-bit version of Windows you will not be able to run RKUnhooker and you may skip this step.


Why we request you disable CD Emulation when receiving Malware Removal Advice

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
    Copy the entire contents of the report and paste it in a reply here.
Note** You may get this warning:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just ignore it, click Cancel, then Accept. :thumbup2:

Best Regards,
oneof4.


#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:44 PM

Posted 18 March 2011 - 12:07 PM

Do you still need help?

Best Regards,
oneof4.


#4 twistidphreak

twistidphreak
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 18 March 2011 - 10:45 PM

Yes I do still need help

#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:09:44 PM

Posted 19 March 2011 - 10:34 PM

Please follow my instructions in Post #2. :)

Best Regards,
oneof4.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:09:44 PM

Posted 24 March 2011 - 03:54 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users