
Infected and google keeps redirecting


  • This topic is locked
37 replies to this topic

#1 StrandedProgress

StrandedProgress

  • Members
  • 59 posts

Posted 02 June 2011 - 06:56 PM

Google redirects most of the time. Microsoft programs will appear when I open them and disappear and are not shown running in task manager. There are a few other smaller instances with the graphics, yet I can't think of them right now. My screen will go black and a reboot is the only thing that brings it back up. When I start my PC a window appears saying: Microsoft .NET Framework Version 2.0 not installed. I tried to install and it wouldn't because of the earlier problem with things not staying open.



.
DDS (Ver_2011-06-02.03) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
Run by Todd at 17:36:41 on 2011-06-02
.
============== Running Processes ===============
.
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Todd\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Programs and Drivers\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516170407.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [JDCSVWN] rundll32 "C:\Users\Todd\AppData\Roaming\WSDApi0.dll",Fttqrmrjug
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SoundIt] C:\Program Files (x86)\soundit.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Lexmark 7600 Series] "C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe" /s
mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
TCP: Interfaces\{1098346F-CAF7-446C-B0F1-F4908B18A9D6} : DhcpNameServer = 209.183.35.23 209.183.33.23
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F} : DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\1445C4D275946494 : DhcpNameServer = 172.16.32.1 205.152.37.23 205.152.144.23 205.152.132.23
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\25562656363616D27657563747 : DhcpNameServer = 192.168.33.1 68.87.85.102 68.87.69.150
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\35472716E6465646020527F676275637379667560264F627365637 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\47D6F62696C656 : DhcpNameServer = 66.94.25.120 66.94.9.120
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{AA24AF6B-4065-48AA-8658-70F5A8A6951F}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DB8182A3-DCCC-4F89-A2E8-309ED1FA4494} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110516170407.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(Default)]
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SoundIt] C:\Program Files (x86)\soundit.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Lexmark 7600 Series] "C:\Program Files (x86)\Lexmark 7600 Series\fm3032.exe" /s
mRun-x64: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\eq5e45dp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Todd\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Todd\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Todd\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R? ACT! Scheduler;ACT! Scheduler
R? AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8
R? AERTFilters;Andrea RT Filters Service
R? ALSysIO;ALSysIO
R? ATTRcAppSvc;AT&T RcAppSvc
R? CAATT;AT&T Con App Svc
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? HPDrvMntSvc.exe;HP Quick Synchronization Service
R? HPWMISVC;HPWMISVC
R? McOobeSv;McAfee OOBE Service
R? mferkdet;McAfee Inc. mferkdet
R? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? ose64;Office 64 Source Engine
R? PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? SrvHsfHDA;SrvHsfHDA
R? SrvHsfV92;SrvHsfV92
R? SrvHsfWinac;SrvHsfWinac
R? SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80)
R? SWUMX80;Sierra Wireless USB MUX Driver (UMTS80)
R? TsUsbFlt;TsUsbFlt
R? UNS;Intel® Management & Security Application User Notification Service
R? WatAdminSvc;Windows Activation Technologies Service
R? WSDPrintDevice;WSD Print Support via UMB
R? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
S? btwl2cap;Bluetooth L2CAP Service
S? cfwids;McAfee Inc. cfwids
S? clwvd;CyberLink WebCam Virtual Driver
S? HECIx64;Intel® Management Engine Interface
S? Impcd;Impcd
S? IntcDAud;Intel® Display Audio
S? lxdw_device;lxdw_device
S? lxdwCATSCustConnectService;lxdwCATSCustConnectService
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McMPFSvc;McAfee Personal Firewall Service
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? McShield;McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MSSQL$ACT7;SQL Server (ACT7)
S? osppsvc;Office Software Protection Platform
S? PxHlpa64;PxHlpa64
S? RTL8167;Realtek 8167 NT Driver
S? rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver
S? RtVOsdService;RtVOsdService Installer
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2011-06-02 15:29:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-01 05:12:58 -------- d-----w- C:\Windows\SysWow64\BestPractices
2011-06-01 05:12:57 -------- d-----w- C:\Windows\System32\BestPractices
2011-06-01 05:12:56 -------- d-----w- C:\inetpub
2011-05-31 18:07:50 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84556990-3A4C-49B1-B98D-77E2EC67595E}\mpengine.dll
2011-05-24 20:53:07 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-23 01:43:53 300032 ----a-w- C:\Windows\System32\lxdwgrd.dll
2011-05-23 01:43:25 987648 ----a-w- C:\Windows\System32\lxdwpmui.dll
2011-05-23 01:43:25 897024 ----a-w- C:\Windows\System32\lxdwlmpm.dll
2011-05-23 01:43:25 1661952 ----a-w- C:\Windows\System32\lxdwserv.dll
2011-05-23 01:43:24 580608 ----a-w- C:\Windows\System32\lxdwcomm.dll
2011-05-23 01:43:24 548352 ----a-w- C:\Windows\System32\lxdwinpa.dll
2011-05-23 01:43:24 513024 ----a-w- C:\Windows\System32\lxdwiesc.dll
2011-05-23 01:43:24 1338368 ----a-w- C:\Windows\System32\lxdwusb1.dll
2011-05-23 01:43:24 1291264 ----a-w- C:\Windows\System32\lxdwcomc.dll
2011-05-23 01:43:24 1091584 ----a-w- C:\Windows\System32\lxdwhbn3.dll
2011-05-20 05:22:41 -------- d-----w- C:\Users\Todd\AppData\Local\Apple Computer
2011-05-20 03:21:01 -------- d-----w- C:\Users\Todd\AppData\Local\AT&T
2011-05-20 03:18:56 34304 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
2011-05-20 03:16:19 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2011-05-20 03:15:49 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2011-05-20 03:15:48 -------- d-----w- C:\ProgramData\AT&T
2011-05-20 03:15:48 -------- d-----w- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
2011-05-20 03:15:48 -------- d-----w- C:\Program Files (x86)\AT&T
2011-05-20 03:08:32 -------- d-----w- C:\Users\Todd\AppData\Roaming\Sierra Wireless
2011-05-20 03:08:32 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2011-05-19 07:58:48 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-19 05:56:34 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-19 05:56:34 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-16 21:04:07 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-05-16 16:45:59 924632 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2011-05-11 03:44:27 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 03:44:26 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 03:44:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 03:44:22 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 03:44:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 03:44:22 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 03:44:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 03:44:21 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 03:44:21 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 03:44:21 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-10 17:04:37 -------- d-----w- C:\Users\Todd\AppData\Roaming\Malwarebytes
2011-05-10 17:04:33 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-10 17:04:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-10 17:04:29 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-10 17:04:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-06-02 06:48:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-24 21:30:38 8673792 ----a-w- C:\ProgramData\atscie.msi
2011-04-18 20:42:28 158976 ----a-w- C:\Windows\System32\drivers\Impcd.sys
2011-04-17 22:30:10 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2011-04-17 22:30:10 347680 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2011-04-17 22:30:10 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2011-04-17 22:25:16 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-04-17 22:25:16 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2011-04-17 22:25:15 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2011-04-17 22:25:14 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-04-17 22:25:10 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-04-17 22:25:10 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-04-17 22:25:10 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-04-17 22:25:10 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2011-04-17 22:25:10 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-04-17 22:25:03 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2011-04-17 22:25:01 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2011-04-14 18:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 18:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 18:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 18:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 18:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 18:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 18:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 18:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 18:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-04-14 01:57:04 225902 --sha-w- C:\Program Files (x86)\soundit.exe
2011-04-11 01:19:18 214230 --sha-w- C:\Program Files (x86)\blankit.exe
2011-04-09 07:35:21 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-03-27 12:46:34 34816 --sha-w- C:\Program Files (x86)\nircmdc.exe
2011-03-25 22:29:38 167960 ----a-w- C:\Windows\System32\igfxtray.exe
2011-03-25 22:29:36 509976 ----a-w- C:\Windows\System32\igfxsrvc.exe
2011-03-25 22:29:36 418840 ----a-w- C:\Windows\System32\igfxpers.exe
2011-03-25 22:29:34 391704 ----a-w- C:\Windows\System32\hkcmd.exe
2011-03-25 22:29:34 239128 ----a-w- C:\Windows\System32\igfxext.exe
2011-03-25 22:29:30 4370456 ----a-w- C:\Windows\System32\GfxUI.exe
2011-03-25 22:29:30 179736 ----a-w- C:\Windows\System32\difx64.exe
2011-03-25 22:24:18 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2342.dll
2011-03-25 22:17:50 12262336 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2011-03-25 22:17:48 7473664 ----a-w- C:\Windows\System32\igdumd64.dll
2011-03-25 22:16:12 128204 ----a-w- C:\Windows\SysWow64\igcompkrng575.bin
2011-03-25 22:16:12 128204 ----a-w- C:\Windows\System32\igcompkrng575.bin
2011-03-25 22:16:10 867020 ----a-w- C:\Windows\SysWow64\igkrng575.bin
2011-03-25 22:16:10 867020 ----a-w- C:\Windows\System32\igkrng575.bin
2011-03-25 22:16:10 105428 ----a-w- C:\Windows\SysWow64\igfcg575m.bin
2011-03-25 22:16:10 105428 ----a-w- C:\Windows\System32\igfcg575m.bin
2011-03-25 22:12:06 5692416 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2011-03-25 22:08:46 575488 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2011-03-25 22:05:34 7386624 ----a-w- C:\Windows\System32\igd10umd64.dll
2011-03-25 22:02:08 6068736 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2011-03-25 21:54:14 19592704 ----a-w- C:\Windows\System32\ig4icd64.dll
2011-03-25 21:45:16 14294016 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2011-03-25 21:39:48 335872 ----a-w- C:\Windows\System32\igfxpph.dll
2011-03-25 21:39:44 380928 ----a-w- C:\Windows\System32\igfxTMM.dll
2011-03-25 21:39:38 28672 ----a-w- C:\Windows\System32\igfxexps.dll
2011-03-25 21:39:26 62464 ----a-w- C:\Windows\System32\igfxsrvc.dll
2011-03-25 21:39:00 109056 ----a-w- C:\Windows\System32\hccutils.dll
2011-03-25 21:38:52 144896 ----a-w- C:\Windows\System32\gfxSrvc.dll
2011-03-25 21:38:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2011-03-25 21:38:50 385024 ----a-w- C:\Windows\System32\igfxdev.dll
2011-03-25 21:38:18 285696 ----a-w- C:\Windows\System32\igfxrenu.lrc
2011-03-25 21:38:12 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2011-03-25 21:38:10 9014784 ----a-w- C:\Windows\System32\igfxress.dll
2011-03-25 21:34:40 24576 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2011-03-25 21:33:50 288768 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2011-03-25 21:28:24 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2011-03-25 21:28:24 142848 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2011-03-25 21:28:24 122368 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2011-03-25 21:28:22 95744 ----a-w- C:\Windows\System32\iglhcp64.dll
2011-03-25 21:28:22 86528 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2011-03-25 21:28:22 368640 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2011-03-25 21:28:22 364032 ----a-w- C:\Windows\System32\iglhsip64.dll
2011-03-14 20:29:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-14 20:29:49 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 21:28:00 143360 --sha-r- C:\Users\Todd\AppData\Roaming\WSDApi0.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:38:04.78 ===============



#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 10 June 2011 - 10:16 PM

Hello StrandedProgress and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

--------------------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller log
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?

#3 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts

Posted 11 June 2011 - 12:29 AM

Nothing found with the TDSSKiller.


2011/06/10 23:01:56.0307 6236 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 23:01:57.0130 6236 ================================================================================
2011/06/10 23:01:57.0130 6236 SystemInfo:
2011/06/10 23:01:57.0130 6236
2011/06/10 23:01:57.0130 6236 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/10 23:01:57.0130 6236 Product type: Workstation
2011/06/10 23:01:57.0131 6236 ComputerName: TODD-PC
2011/06/10 23:01:57.0131 6236 UserName: Todd
2011/06/10 23:01:57.0131 6236 Windows directory: C:\Windows
2011/06/10 23:01:57.0131 6236 System windows directory: C:\Windows
2011/06/10 23:01:57.0131 6236 Running under WOW64
2011/06/10 23:01:57.0131 6236 Processor architecture: Intel x64
2011/06/10 23:01:57.0131 6236 Number of processors: 4
2011/06/10 23:01:57.0131 6236 Page size: 0x1000
2011/06/10 23:01:57.0131 6236 Boot type: Normal boot
2011/06/10 23:01:57.0131 6236 ================================================================================
2011/06/10 23:01:57.0999 6236 Initialize success
2011/06/10 23:02:10.0004 6212 ================================================================================
2011/06/10 23:02:10.0004 6212 Scan started
2011/06/10 23:02:10.0004 6212 Mode: Manual;
2011/06/10 23:02:10.0004 6212 ================================================================================
2011/06/10 23:02:35.0688 6212 MBR (0x1B8) (08f2ff2b9d5138e4b1cb501d71553e5e) \Device\Harddisk0\DR0
2011/06/10 23:02:35.0695 6212 ================================================================================
2011/06/10 23:02:35.0695 6212 Scan finished
2011/06/10 23:02:35.0695 6212 ================================================================================
2011/06/10 23:02:35.0706 3956 Detected object count: 0
2011/06/10 23:02:35.0706 3956 Actual detected object count: 0

#4 StrandedProgress


Posted 11 June 2011 - 12:30 AM

Here is the ComboFix. Same issues remain.


ComboFix 11-06-10.09 - Todd 10-Jun-11 23:16:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2156 [GMT -6:00]
Running from: c:\users\Todd\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Todd\AppData\Local\Microsoft\Windows\Temporary Internet Files\{91B4B253-6D4B-40A8-BB87-C6CF56661C89}.xps
c:\users\Todd\AppData\Roaming\inst.exe
c:\users\Todd\AppData\Roaming\WSDApi0.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 05:24 . 2011-06-11 05:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 05:15 . 2011-06-11 05:15 -------- d-----w- C:\32788R22FWJFW
2011-06-10 18:02 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D4BA63D-7DF5-43F6-BAB8-F7662DDF3548}\mpengine.dll
2011-06-03 20:51 . 2011-06-03 20:51 -------- d-----w- c:\users\Todd\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-06-03 03:47 . 2011-06-03 03:47 -------- d-----w- c:\program files (x86)\Runtime Software
2011-06-03 00:01 . 2011-06-08 17:50 -------- d-----w- c:\users\Todd\AppData\Roaming\SUPERAntiSpyware.com
2011-06-03 00:01 . 2011-06-03 00:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-03 00:01 . 2011-06-03 00:01 -------- d-----w- c:\programdata\!SASCORE
2011-06-03 00:01 . 2011-06-09 22:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-02 15:29 . 2011-06-02 15:29 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-02 07:01 . 2011-06-08 17:50 -------- d-----w- c:\users\Todd\AppData\Roaming\Yahoo!
2011-06-02 06:48 . 2011-06-02 06:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-01 23:06 . 2011-06-08 17:57 -------- d-----w- c:\users\DefaultAppPool
2011-06-01 05:12 . 2011-06-01 05:12 -------- d-----w- c:\windows\SysWow64\BestPractices
2011-06-01 05:12 . 2011-06-01 05:12 -------- d-----w- c:\windows\system32\BestPractices
2011-06-01 05:12 . 2011-06-01 05:19 -------- d-----w- C:\inetpub
2011-05-24 20:53 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 01:43 . 2009-10-16 18:43 300032 ----a-w- c:\windows\system32\lxdwgrd.dll
2011-05-23 01:43 . 2009-10-16 18:54 987648 ----a-w- c:\windows\system32\lxdwpmui.dll
2011-05-23 01:43 . 2009-10-16 18:54 1661952 ----a-w- c:\windows\system32\lxdwserv.dll
2011-05-23 01:43 . 2009-10-16 18:54 897024 ----a-w- c:\windows\system32\lxdwlmpm.dll
2011-05-23 01:43 . 2009-10-16 18:54 548352 ----a-w- c:\windows\system32\lxdwinpa.dll
2011-05-23 01:43 . 2009-10-16 18:54 513024 ----a-w- c:\windows\system32\lxdwiesc.dll
2011-05-23 01:43 . 2009-10-16 18:54 1338368 ----a-w- c:\windows\system32\lxdwusb1.dll
2011-05-23 01:43 . 2009-10-16 18:54 1091584 ----a-w- c:\windows\system32\lxdwhbn3.dll
2011-05-23 01:43 . 2009-10-16 18:54 580608 ----a-w- c:\windows\system32\lxdwcomm.dll
2011-05-23 01:43 . 2009-10-16 18:54 1291264 ----a-w- c:\windows\system32\lxdwcomc.dll
2011-05-20 05:22 . 2011-05-20 05:22 -------- d-----w- c:\users\Todd\AppData\Local\Apple Computer
2011-05-20 05:18 . 2011-05-20 05:18 -------- d-----w- c:\users\Todd\AppData\Roaming\Apple Computer
2011-05-20 03:21 . 2011-05-20 03:21 -------- d-----w- c:\users\Todd\AppData\Local\AT&T
2011-05-20 03:18 . 2009-01-14 21:20 34304 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-05-20 03:16 . 2011-05-20 03:16 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\programdata\AT&T
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\program files (x86)\AT&T
2011-05-20 03:08 . 2011-05-20 03:09 -------- d-----w- c:\program files (x86)\Sierra Wireless Inc
2011-05-20 03:08 . 2011-05-20 03:08 -------- d-----w- c:\users\Todd\AppData\Roaming\Sierra Wireless
2011-05-19 07:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-19 05:56 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 05:56 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-16 16:46 . 2011-06-08 17:47 -------- d-----w- c:\users\Todd\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 06:48 . 2010-08-24 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-24 21:30 . 2011-04-24 21:30 8673792 ----a-w- c:\programdata\atscie.msi
2011-04-18 20:42 . 2011-04-18 20:42 158976 ----a-w- c:\windows\system32\drivers\Impcd.sys
2011-04-17 22:25 . 2011-04-17 22:25 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-04-17 22:25 . 2011-04-17 22:25 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-04-17 22:25 . 2011-04-17 22:25 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-04-17 22:25 . 2011-04-17 22:25 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-04-17 22:25 . 2011-04-17 22:25 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2011-04-17 22:25 . 2011-04-17 22:25 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-04-17 22:25 . 2011-04-17 22:25 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2011-04-17 22:25 . 2011-04-17 22:25 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2011-04-17 22:25 . 2011-04-17 22:25 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2011-04-17 22:25 . 2011-04-17 22:25 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2011-04-17 22:25 . 2010-05-23 08:17 1251944 ----a-w- c:\windows\RtlExUpd.dll
2011-04-14 18:01 . 2011-04-12 22:07 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 18:01 . 2011-03-12 22:46 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01 . 2011-03-12 22:46 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01 . 2011-03-12 22:37 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01 . 2011-03-12 22:37 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01 . 2011-03-12 22:37 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 18:01 . 2011-03-12 22:37 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01 . 2011-03-12 22:37 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01 . 2011-03-12 22:37 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 09:44 . 2011-04-14 09:44 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-14 01:57 . 2011-04-14 01:57 225902 --sha-w- c:\program files (x86)\soundit.exe
2011-04-12 22:18 . 2010-12-01 19:18 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 22:18 . 2010-12-01 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-11 01:19 . 2011-04-11 01:19 214230 --sha-w- c:\program files (x86)\blankit.exe
2011-04-09 07:35 . 2010-08-28 15:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-04-09 07:02 . 2011-05-11 03:44 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-11 03:44 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 03:44 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-30 20:44 . 2011-03-26 18:25 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-30 20:42 . 2010-12-01 19:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-27 12:46 . 2011-03-27 12:46 34816 --sha-w- c:\program files (x86)\nircmdc.exe
2011-03-26 18:25 . 2010-12-01 18:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-26 18:25 . 2010-12-01 18:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-25 22:29 . 2011-03-25 22:29 167960 ----a-w- c:\windows\system32\igfxtray.exe
2011-03-25 22:29 . 2011-03-25 22:29 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-03-25 22:29 . 2011-03-25 22:29 418840 ----a-w- c:\windows\system32\igfxpers.exe
2011-03-25 22:29 . 2011-03-25 22:29 391704 ----a-w- c:\windows\system32\hkcmd.exe
2011-03-25 22:29 . 2011-03-25 22:29 239128 ----a-w- c:\windows\system32\igfxext.exe
2011-03-25 22:29 . 2011-03-25 22:29 4370456 ----a-w- c:\windows\system32\GfxUI.exe
2011-03-25 22:29 . 2011-03-25 22:29 179736 ----a-w- c:\windows\system32\difx64.exe
2011-03-25 22:24 . 2011-03-25 22:24 90112 ----a-w- c:\windows\system32\igfxCoIn_v2342.dll
2011-03-25 22:17 . 2011-03-25 22:17 12262336 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-03-25 22:17 . 2010-08-26 00:36 7473664 ----a-w- c:\windows\system32\igdumd64.dll
2011-03-25 22:16 . 2011-03-25 22:16 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2011-03-25 22:16 . 2011-03-25 22:16 867020 ----a-w- c:\windows\system32\igkrng575.bin
2011-03-25 22:16 . 2011-03-25 22:16 105428 ----a-w- c:\windows\system32\igfcg575m.bin
2011-03-25 22:12 . 2011-02-11 23:12 5692416 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-03-25 22:08 . 2011-02-11 23:09 575488 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-03-25 22:05 . 2010-03-05 19:56 7386624 ----a-w- c:\windows\system32\igd10umd64.dll
2011-03-25 22:02 . 2011-03-25 22:02 6068736 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-03-25 21:54 . 2011-03-25 21:54 19592704 ----a-w- c:\windows\system32\ig4icd64.dll
2011-03-25 21:45 . 2011-03-25 21:45 14294016 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-03-25 21:40 . 2011-03-25 21:40 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2011-03-25 21:40 . 2011-03-25 21:40 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-03-25 21:40 . 2011-03-25 21:40 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-03-25 21:40 . 2011-03-25 21:40 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-03-25 21:40 . 2011-03-25 21:40 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-03-25 21:40 . 2011-03-25 21:40 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2011-03-25 21:40 . 2011-03-25 21:40 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-03-25 21:40 . 2011-03-25 21:40 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-03-25 21:39 . 2010-03-05 19:57 335872 ----a-w- c:\windows\system32\igfxpph.dll
2011-03-25 21:39 . 2011-03-25 21:39 380928 ----a-w- c:\windows\system32\igfxTMM.dll
2011-03-25 21:39 . 2011-03-25 21:39 28672 ----a-w- c:\windows\system32\igfxexps.dll
2011-03-25 21:39 . 2010-03-05 19:57 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-03-25 21:39 . 2010-03-05 19:56 109056 ----a-w- c:\windows\system32\hccutils.dll
2011-03-25 21:38 . 2011-03-25 21:38 144896 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-03-25 21:38 . 2011-03-25 21:38 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-03-25 21:38 . 2011-02-11 22:45 385024 ----a-w- c:\windows\system32\igfxdev.dll
2011-03-25 21:38 . 2011-03-25 21:38 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-03-25 21:38 . 2011-03-25 21:38 142336 ----a-w- c:\windows\system32\igfxdo.dll
2011-03-25 21:38 . 2010-03-05 19:57 9014784 ----a-w- c:\windows\system32\igfxress.dll
2011-03-25 21:34 . 2011-03-25 21:34 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2011-03-25 21:33 . 2011-03-25 21:33 288768 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2011-03-25 21:28 . 2011-03-25 21:28 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2011-03-25 21:28 . 2011-03-25 21:28 142848 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"SoundIt"="c:\program files (x86)\soundit.exe" [2011-04-14 225902]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-04-22 421888]
"Lexmark 7600 Series"="c:\program files (x86)\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2009-10-26 883272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R3 ALSysIO;ALSysIO;c:\users\Todd\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-09 121416]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-09 125512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-08-24 81920]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 98105694
*Deregistered* - 98105694
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 15:28]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 15:28]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983965866-2305275393-491574992-1000Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 14:59]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983965866-2305275393-491574992-1000UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 14:59]
.
2011-06-09 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-06-08 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-04-14 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-17 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"lxdwamon"="c:\program files (x86)\Lexmark 7600 Series\lxdwamon.exe" [2008-09-10 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
FF - ProfilePath - c:\users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\eq5e45dp.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-JDCSVWN - c:\users\Todd\AppData\Roaming\WSDApi0.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-10 23:27:58
ComboFix-quarantined-files.txt 2011-06-11 05:27
.
Pre-Run: 183,009,271,808 bytes free
Post-Run: 183,830,220,800 bytes free
.
- - End Of File - - DD1A22B71286E4A931336184F7F6510B

#5 StrandedProgress


Posted 11 June 2011 - 12:39 AM

Results of screen317's Security Check version 0.99.13
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee AntiVirus Plus
McAfee Virtual Technician
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 25
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


#7 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:52 AM

Posted 11 June 2011 - 06:27 AM

Hello again. ComboFix found some stuff, but there is more that needs doing.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

-------------

In your next reply, please include:
  • aswMBR log, and MBR.dat zip file

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#8 StrandedProgress

Posted 11 June 2011 - 01:30 PM

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-11 12:23:55
-----------------------------
12:23:55.376 OS Version: Windows x64 6.1.7601 Service Pack 1
12:23:55.376 Number of processors: 4 586 0x2502
12:23:55.378 ComputerName: TODD-PC UserName: Todd
12:23:57.790 Initialize success
12:24:10.534 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:24:10.540 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
12:24:10.555 Disk 0 MBR read successfully
12:24:10.560 Disk 0 MBR scan
12:24:10.565 Disk 0 unknown MBR code
12:24:10.572 Service scanning
12:24:11.722 Disk 0 trace - called modules:
12:24:11.737 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:24:11.745 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1a060]
12:24:11.753 3 CLASSPNP.SYS[fffff88001bcf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004985050]
12:24:11.761 Scan finished successfully
12:25:19.252 Disk 0 MBR has been saved successfully to "C:\Users\Todd\Documents\BleepingComp\MBR.dat"
12:25:19.341 The log file has been saved successfully to "C:\Users\Todd\Documents\BleepingComp\aswMBR.txt"

#9 StrandedProgress

Posted 11 June 2011 - 01:51 PM

There's a new problem. When I attempt to send something to recycle it gives me a message that the recycle bin is corrupt and asks if I would like to delete the recycle bin. It will not let me send anything to the bin or empty the bin.

All of the other issues still remain.

Edited by StrandedProgress, 11 June 2011 - 01:52 PM.


#10 D-FRED-BROWN

Posted 11 June 2011 - 02:24 PM

Hello again. We'll worry about Recycle Bin later once we get rid of the main infection.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
98105694
File::
c:\windows\system32\DRIVERS\98105694.sys
Reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-------------

In your next reply, please include:
  • C:\ComboFix.txt

How is your computer running now?

#11 StrandedProgress

Posted 11 June 2011 - 03:49 PM

Everything seems to be working better now. I had to restart a couple of times and sometimes it runs fine after restart for a little while. I am able to access the recycle bin now.



ComboFix 11-06-10.09 - Todd 11-Jun-11 13:53:22.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2044 [GMT -6:00]
Running from: c:\users\Todd\Desktop\ComboFix.exe
Command switches used :: c:\users\Todd\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\98105694.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_98105694
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 20:30 . 2011-06-11 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-11 06:14 . 2011-06-11 06:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-10 18:02 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D4BA63D-7DF5-43F6-BAB8-F7662DDF3548}\mpengine.dll
2011-06-03 20:51 . 2011-06-03 20:51 -------- d-----w- c:\users\Todd\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2011-06-03 03:47 . 2011-06-03 03:47 -------- d-----w- c:\program files (x86)\Runtime Software
2011-06-03 00:01 . 2011-06-08 17:50 -------- d-----w- c:\users\Todd\AppData\Roaming\SUPERAntiSpyware.com
2011-06-03 00:01 . 2011-06-03 00:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-03 00:01 . 2011-06-03 00:01 -------- d-----w- c:\programdata\!SASCORE
2011-06-03 00:01 . 2011-06-09 22:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-02 15:29 . 2011-06-02 15:29 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-02 07:01 . 2011-06-08 17:50 -------- d-----w- c:\users\Todd\AppData\Roaming\Yahoo!
2011-06-01 23:06 . 2011-06-08 17:57 -------- d-----w- c:\users\DefaultAppPool
2011-06-01 05:12 . 2011-06-01 05:12 -------- d-----w- c:\windows\SysWow64\BestPractices
2011-06-01 05:12 . 2011-06-01 05:12 -------- d-----w- c:\windows\system32\BestPractices
2011-06-01 05:12 . 2011-06-01 05:19 -------- d-----w- C:\inetpub
2011-05-24 20:53 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-23 01:43 . 2009-10-16 18:43 300032 ----a-w- c:\windows\system32\lxdwgrd.dll
2011-05-23 01:43 . 2009-10-16 18:54 987648 ----a-w- c:\windows\system32\lxdwpmui.dll
2011-05-23 01:43 . 2009-10-16 18:54 1661952 ----a-w- c:\windows\system32\lxdwserv.dll
2011-05-23 01:43 . 2009-10-16 18:54 897024 ----a-w- c:\windows\system32\lxdwlmpm.dll
2011-05-23 01:43 . 2009-10-16 18:54 548352 ----a-w- c:\windows\system32\lxdwinpa.dll
2011-05-23 01:43 . 2009-10-16 18:54 513024 ----a-w- c:\windows\system32\lxdwiesc.dll
2011-05-23 01:43 . 2009-10-16 18:54 1338368 ----a-w- c:\windows\system32\lxdwusb1.dll
2011-05-23 01:43 . 2009-10-16 18:54 1091584 ----a-w- c:\windows\system32\lxdwhbn3.dll
2011-05-23 01:43 . 2009-10-16 18:54 580608 ----a-w- c:\windows\system32\lxdwcomm.dll
2011-05-23 01:43 . 2009-10-16 18:54 1291264 ----a-w- c:\windows\system32\lxdwcomc.dll
2011-05-20 05:22 . 2011-05-20 05:22 -------- d-----w- c:\users\Todd\AppData\Local\Apple Computer
2011-05-20 05:18 . 2011-05-20 05:18 -------- d-----w- c:\users\Todd\AppData\Roaming\Apple Computer
2011-05-20 03:21 . 2011-05-20 03:21 -------- d-----w- c:\users\Todd\AppData\Local\AT&T
2011-05-20 03:18 . 2009-01-14 21:20 34304 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2011-05-20 03:16 . 2011-05-20 03:16 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\programdata\AT&T
2011-05-20 03:15 . 2011-05-20 03:15 -------- d-----w- c:\program files (x86)\AT&T
2011-05-20 03:08 . 2011-05-20 03:09 -------- d-----w- c:\program files (x86)\Sierra Wireless Inc
2011-05-20 03:08 . 2011-05-20 03:08 -------- d-----w- c:\users\Todd\AppData\Roaming\Sierra Wireless
2011-05-19 07:58 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-19 05:56 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 05:56 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-16 16:46 . 2011-06-08 17:47 -------- d-----w- c:\users\Todd\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 06:13 . 2010-08-24 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-24 21:30 . 2011-04-24 21:30 8673792 ----a-w- c:\programdata\atscie.msi
2011-04-18 20:42 . 2011-04-18 20:42 158976 ----a-w- c:\windows\system32\drivers\Impcd.sys
2011-04-17 22:25 . 2011-04-17 22:25 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2011-04-17 22:25 . 2011-04-17 22:25 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2011-04-17 22:25 . 2011-04-17 22:25 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2011-04-17 22:25 . 2011-04-17 22:25 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2011-04-17 22:25 . 2011-04-17 22:25 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2011-04-17 22:25 . 2011-04-17 22:25 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2011-04-17 22:25 . 2011-04-17 22:25 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2011-04-17 22:25 . 2011-04-17 22:25 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2011-04-17 22:25 . 2011-04-17 22:25 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2011-04-17 22:25 . 2011-04-17 22:25 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2011-04-17 22:25 . 2010-05-23 08:17 1251944 ----a-w- c:\windows\RtlExUpd.dll
2011-04-14 18:01 . 2011-04-12 22:07 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 18:01 . 2011-03-12 22:46 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01 . 2011-03-12 22:46 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01 . 2011-03-12 22:37 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01 . 2011-03-12 22:37 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01 . 2011-03-12 22:37 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 18:01 . 2011-03-12 22:37 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01 . 2011-03-12 22:37 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01 . 2011-03-12 22:37 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 09:44 . 2011-04-14 09:44 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-14 01:57 . 2011-04-14 01:57 225902 --sha-w- c:\program files (x86)\soundit.exe
2011-04-12 22:18 . 2010-12-01 19:18 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-12 22:18 . 2010-12-01 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-11 01:19 . 2011-04-11 01:19 214230 --sha-w- c:\program files (x86)\blankit.exe
2011-04-09 07:35 . 2010-08-28 15:48 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-04-09 07:02 . 2011-05-11 03:44 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:02 . 2011-05-11 03:44 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 03:44 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-03-30 20:44 . 2011-03-26 18:25 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-30 20:42 . 2010-12-01 19:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-27 12:46 . 2011-03-27 12:46 34816 --sha-w- c:\program files (x86)\nircmdc.exe
2011-03-26 18:25 . 2010-12-01 18:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-26 18:25 . 2010-12-01 18:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-25 22:29 . 2011-03-25 22:29 167960 ----a-w- c:\windows\system32\igfxtray.exe
2011-03-25 22:29 . 2011-03-25 22:29 509976 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-03-25 22:29 . 2011-03-25 22:29 418840 ----a-w- c:\windows\system32\igfxpers.exe
2011-03-25 22:29 . 2011-03-25 22:29 391704 ----a-w- c:\windows\system32\hkcmd.exe
2011-03-25 22:29 . 2011-03-25 22:29 239128 ----a-w- c:\windows\system32\igfxext.exe
2011-03-25 22:29 . 2011-03-25 22:29 4370456 ----a-w- c:\windows\system32\GfxUI.exe
2011-03-25 22:29 . 2011-03-25 22:29 179736 ----a-w- c:\windows\system32\difx64.exe
2011-03-25 22:24 . 2011-03-25 22:24 90112 ----a-w- c:\windows\system32\igfxCoIn_v2342.dll
2011-03-25 22:17 . 2011-03-25 22:17 12262336 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-03-25 22:17 . 2010-08-26 00:36 7473664 ----a-w- c:\windows\system32\igdumd64.dll
2011-03-25 22:16 . 2011-03-25 22:16 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2011-03-25 22:16 . 2011-03-25 22:16 867020 ----a-w- c:\windows\system32\igkrng575.bin
2011-03-25 22:16 . 2011-03-25 22:16 105428 ----a-w- c:\windows\system32\igfcg575m.bin
2011-03-25 22:12 . 2011-02-11 23:12 5692416 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-03-25 22:08 . 2011-02-11 23:09 575488 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-03-25 22:05 . 2010-03-05 19:56 7386624 ----a-w- c:\windows\system32\igd10umd64.dll
2011-03-25 22:02 . 2011-03-25 22:02 6068736 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-03-25 21:54 . 2011-03-25 21:54 19592704 ----a-w- c:\windows\system32\ig4icd64.dll
2011-03-25 21:45 . 2011-03-25 21:45 14294016 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-03-25 21:40 . 2011-03-25 21:40 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2011-03-25 21:40 . 2011-03-25 21:40 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-03-25 21:40 . 2011-03-25 21:40 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-03-25 21:40 . 2011-03-25 21:40 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-03-25 21:40 . 2011-03-25 21:40 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-03-25 21:40 . 2011-03-25 21:40 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-03-25 21:40 . 2011-03-25 21:40 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-03-25 21:40 . 2011-03-25 21:40 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2011-03-25 21:40 . 2011-03-25 21:40 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-03-25 21:40 . 2011-03-25 21:40 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-03-25 21:39 . 2010-03-05 19:57 335872 ----a-w- c:\windows\system32\igfxpph.dll
2011-03-25 21:39 . 2011-03-25 21:39 380928 ----a-w- c:\windows\system32\igfxTMM.dll
2011-03-25 21:39 . 2011-03-25 21:39 28672 ----a-w- c:\windows\system32\igfxexps.dll
2011-03-25 21:39 . 2010-03-05 19:57 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-03-25 21:39 . 2010-03-05 19:56 109056 ----a-w- c:\windows\system32\hccutils.dll
2011-03-25 21:38 . 2011-03-25 21:38 144896 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-03-25 21:38 . 2011-03-25 21:38 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-03-25 21:38 . 2011-02-11 22:45 385024 ----a-w- c:\windows\system32\igfxdev.dll
2011-03-25 21:38 . 2011-03-25 21:38 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-03-25 21:38 . 2011-03-25 21:38 142336 ----a-w- c:\windows\system32\igfxdo.dll
2011-03-25 21:38 . 2010-03-05 19:57 9014784 ----a-w- c:\windows\system32\igfxress.dll
2011-03-25 21:34 . 2011-03-25 21:34 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2011-03-25 21:33 . 2011-03-25 21:33 288768 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2011-03-25 21:28 . 2011-03-25 21:28 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2011-03-25 21:28 . 2011-03-25 21:28 142848 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"SoundIt"="c:\program files (x86)\soundit.exe" [2011-04-14 225902]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-04-22 421888]
"Lexmark 7600 Series"="c:\program files (x86)\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2009-10-26 883272]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 ALSysIO;ALSysIO;c:\users\Todd\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2009-10-09 121416]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2009-10-09 125512]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-08-24 81920]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2009-10-16 1044136]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2009-10-16 33960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 19:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 15:28]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-07 15:28]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983965866-2305275393-491574992-1000Core.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 14:59]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3983965866-2305275393-491574992-1000UA.job
- c:\users\Todd\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-25 14:59]
.
2011-06-09 c:\windows\Tasks\HPCeeScheduleForTodd.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-06-08 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-04-14 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF11590.cfxxe" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-17 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"lxdwamon"="c:\program files (x86)\Lexmark 7600 Series\lxdwamon.exe" [2008-09-10 16040]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 68.87.85.102 68.87.69.150
FF - ProfilePath - c:\users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\eq5e45dp.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-06-11 14:39:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 20:39
ComboFix2.txt 2011-06-11 05:27
.
Pre-Run: 192,332,746,752 bytes free
Post-Run: 191,565,938,688 bytes free
.
- - End Of File - - 951155A9381E98CE62371C7D8FC3577F

#12 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:52 AM

Posted 11 June 2011 - 10:19 PM

Hello again. I am glad to hear that you now have access to the Recycle Bin again, and that your computer is running smoother. :)

Let's run some more scans to make sure the bad stuff is all gone.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

-------------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

-------------

In your next reply, please include:
  • MBAM log
  • ESET Online Scan log

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#13 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 12 June 2011 - 01:18 AM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6838

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12-Jun-11 12:05:38 AM
mbam-log-2011-06-12 (00-05-37).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 415702
Time elapsed: 1 hour(s), 35 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 StrandedProgress

StrandedProgress
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 12 June 2011 - 02:55 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



It found a threat and removed it. Is this the right log?

#15 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:05:52 AM

Posted 12 June 2011 - 10:51 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



It found a threat and removed it. Is this the right log?


No, the right log is located at C:\Program Files\EsetOnlineScanner\log.txt



