
Browser redirect


  • This topic is locked
82 replies to this topic

#1 CJSites


Posted 02 December 2011 - 09:12 AM

Hi. Hoping you can help. Tearing my hair out over this redirect (sad thing is I'm already bald). Here is a HijackThis log. Search results are good but links take you somewhere else.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:07 AM, on 12/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54929
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PhotoJoy US Toolbar - {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111201135856.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PhotoJoy US - {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
O3 - Toolbar: PhotoJoy US Toolbar - {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~2\Bandoo\Bandoo.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12025 bytes


Thanks
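As an added example, not part of this thread or of the HijackThis/DDS tools: a small Python triage script that scans log lines in the two formats posted here (HijackThis `R1`/`O10`/`O20` lines and DDS `uInternet Settings`/`mPolicies`/`Hosts` lines) for the entries a helper checks first on a redirect complaint: a ProxyServer pointing at loopback, AppInit_DLLs injections, a broken LSP chain, UAC policies set to 0 and hosts overrides. The sample lines are constructed from the logs in this thread; the rules, severities and wording are the example's own, not a verdict on any product named in the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a dozen lines copied from the HijackThis log and the DDS
# "Pseudo HJT Report" posted in this thread, not the complete logs.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54929
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O20 - AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
uInternet Settings,ProxyServer = http=127.0.0.1:54929
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs-X64: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# HJT ("...Internet Settings,ProxyServer = http=127.0.0.1:54929") and DDS
# ("uInternet Settings,ProxyServer = ...") share the same key=value tail.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127(?:\.\d{1,3}){3}|localhost):(\d+)", re.I)
# "O20 - AppInit_DLLs:" in HJT, "AppInit_DLLs:" / "AppInit_DLLs-X64:" in DDS.
APPINIT_DLLS = re.compile(r"AppInit_DLLs(?:-X64)?:\s*(.+?)\s*$", re.I)
BROKEN_LSP = re.compile(r"^O10 - Broken Internet access.*LSP provider '([^']+)'", re.I)
# The three policies that, at 0, switch UAC prompting off (DDS mPolicies lines).
UAC_OFF = re.compile(
    r"mPolicies-system:\s*(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)\s*=\s*0\b",
    re.I)
HOSTS_OVERRIDE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)", re.I)


@dataclass
class Finding:
    severity: str  # "high": can explain the redirect itself; "medium": weakens defences
    reason: str
    line: str


def extract_appinit_dlls(line: str) -> List[str]:
    """DLL paths from an AppInit_DLLs line (whitespace-separated in these logs)."""
    m = APPINIT_DLLS.search(line)
    return m.group(1).split() if m else []


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HJT/DDS line; None means nothing of interest on this line."""
    line = line.strip()
    m = LOOPBACK_PROXY.search(line)
    if m:
        return Finding("high",
                       f"browser proxy points at loopback {m.group(1)}:{m.group(2)}; "
                       "whatever listens on that port sees and can rewrite every page request",
                       line)
    dlls = extract_appinit_dlls(line)
    if dlls:
        return Finding("high",
                       "AppInit_DLLs loads into every process that maps user32.dll: "
                       + ", ".join(dlls), line)
    m = BROKEN_LSP.search(line)
    if m:
        return Finding("medium", f"Winsock LSP chain references missing file {m.group(1)}", line)
    m = UAC_OFF.search(line)
    if m:
        return Finding("medium", f"UAC weakened: {m.group(1)} = 0", line)
    m = HOSTS_OVERRIDE.search(line)
    if m:
        return Finding("medium",
                       f"hosts file maps {m.group(2)} to {m.group(1)} "
                       "(check whether intentional, e.g. an immunization block list)", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole pasted log and keep only the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def severity_counts(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```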


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 December 2011 - 12:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
      • logs from DDS
      • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CJSites (Topic Starter)

Posted 05 December 2011 - 09:14 AM

Hi Gringo
Thanks for getting back to me. I have a browser redirect that I can't figure out. Searches are good but clicking on links redirects. Was getting radios playing in the background but that seems to have stopped. Here are the logs you asked for. Thanks for any help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Owner at 8:52:59 on 2011-12-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2566 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\PROGRA~2\Bandoo\Bandoo.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = http=127.0.0.1:54929
uURLSearchHooks: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111201135856.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
TB: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.253
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E} : DhcpNameServer = 192.168.1.253
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E}\261636860393A2 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E}\75963737E45445 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E}\84162747 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E}\A456E6E6D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7D287C28-25CA-43BA-927F-73700911E70E}\C696E6B6379737 : DhcpNameServer = 68.87.77.134 68.87.72.134
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111201135856.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
BHO-X64: PhotoJoy US - No File
TB-X64: PhotoJoy US Toolbar: {f2c43291-151e-499c-98a7-923c120b88fa} - C:\Program Files (x86)\PhotoJoy_US\prxtbPho0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
AppInit_DLLs-X64: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\bandoo\bndhook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-9 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2011-12-1 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-1 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-1 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-1 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-1 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-1 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-30 1153368]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-9 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 255744]
S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-11-9 332272]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-2 2320920]
S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-9 240160]
.
=============== Created Last 30 ================
.
2011-12-02 13:30:50 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 13:30:49 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-12-02 13:18:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\SpeedMaxPc
2011-12-02 13:18:43 -------- d-----w- C:\Users\Owner\AppData\Roaming\DriverCure
2011-12-02 13:18:25 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedMaxPc
2011-12-02 13:18:24 -------- d-----w- C:\ProgramData\SpeedMaxPc
2011-12-01 19:00:18 -------- d-----w- C:\Program Files\McAfee.com
2011-12-01 18:58:53 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-12-01 18:58:43 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-12-01 18:58:38 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-12-01 18:58:38 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-12-01 18:58:38 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-12-01 18:58:38 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-12-01 18:58:38 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-12-01 18:58:38 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-12-01 18:58:38 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-12-01 18:58:38 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-12-01 14:19:38 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-12-01 14:19:31 -------- d-----w- C:\Program Files\McAfee
2011-12-01 14:19:24 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-12-01 14:19:24 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-12-01 14:19:23 -------- d-----w- C:\Program Files (x86)\McAfee
2011-11-30 21:21:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-30 21:21:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-30 17:52:03 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-30 16:32:21 -------- d-----w- C:\ComboFix
2011-11-29 21:14:56 -------- d-----w- C:\Windows\System32\SPReview
2011-11-29 21:00:49 -------- d-----w- C:\Windows\CheckSur
2011-11-29 18:50:42 -------- d-----w- C:\Program Files\CCleaner
2011-11-25 01:42:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\n1uvD2obFpGsJdK
2011-11-25 01:42:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\eRZ9hYXwjVlBzNc
2011-11-25 01:37:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\vK8fRL9hTq
2011-11-25 01:37:17 -------- d-----w- C:\Users\Owner\AppData\Roaming\HUCekIBrzNx0v2b
2011-11-23 21:48:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\DUVelIBtzNc1v2b
2011-11-23 21:48:20 -------- d-----w- C:\Users\Owner\AppData\Roaming\AF4pmH5sQ7E8R9Y
2011-11-21 23:11:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\SvD3onF4aH
2011-11-21 23:11:03 -------- d-----w- C:\Users\Owner\AppData\Roaming\CYCwkUVrlBx0c1
2011-11-20 17:07:45 -------- d-----w- C:\Program Files (x86)\5BADF
2011-11-20 17:07:13 -------- d-----w- C:\Users\Owner\AppData\Roaming\AC95B
2011-11-20 17:07:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\XpmGGsQJEK8fZhX
2011-11-20 17:07:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\xIBttPPNcA1v2oF
2011-11-20 17:06:59 -------- d-----w- C:\Users\Owner\AppData\Roaming\HyyxA11vS2bFpGa
2011-11-20 17:06:58 -------- d-----w- C:\Users\Owner\AppData\Roaming\sK88gRZ9YXwjVlB
2011-11-20 17:06:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\JwkkUVelBtzPyAi
2011-11-20 17:06:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\R7ddEK8gZ9hYwUe
2011-11-20 17:06:48 -------- d-----w- C:\Users\Owner\AppData\Roaming\o99hTXwjUelIrPy
2011-11-18 22:23:39 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A2074DF-BB3B-43D7-8089-6C1539A720B0}\mpengine.dll
2011-11-17 23:00:44 -------- d-----w- C:\Program Files\iPod
2011-11-17 23:00:43 -------- d-----w- C:\Program Files\iTunes
2011-11-17 22:39:43 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-17 22:39:43 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-17 22:39:42 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-17 22:39:40 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-09 15:47:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-08 19:14:51 98816 ----a-w- C:\Windows\sed.exe
2011-11-08 19:14:51 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-08 19:14:51 256000 ----a-w- C:\Windows\PEV.exe
2011-11-08 19:14:51 208896 ----a-w- C:\Windows\MBR.exe
2011-11-08 18:13:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-11-08 18:13:43 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-08 18:13:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-05 14:16:00 -------- d-----w- C:\Windows\System32\EventProviders
.
==================== Find3M ====================
.
2011-11-17 23:03:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-27 00:46:55 1316224 ----a-w- C:\Windows\SysWow64\PhotoJoy Screensaver.scr
.
============= FINISH: 9:02:02.60 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/14/2010 5:37:32 PM
System Uptime: 12/5/2011 8:31:43 AM (1 hours ago)
.
Motherboard: Gateway | | NV79
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 406.613 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP406: 11/29/2011 2:45:16 PM - Windows 7 Service Pack 1
RP407: 11/29/2011 4:00:33 PM - Windows Update
RP408: 11/29/2011 4:13:36 PM - Windows Update
RP409: 12/2/2011 8:30:32 AM - Installed HiJackThis
RP410: 12/5/2011 8:42:15 AM - Windows Backup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Amazon Kindle
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ARO 2011
Audible Download Manager
Backup Manager Basic
Bandoo
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 8
Facebook Video Calling 1.0.0.8953
FrostWire 4.21.5
FrostWire 5.1.4
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Identity Card
iLivid
InfraRecorder
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Launch Manager
LimeWire 5.5.16
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Total Protection
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoJoy
PhotoJoy US Toolbar
PriceGong 2.0.0
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Burn
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop to Win 2
Skype™ 5.0
Spybot - Search & Destroy
Super Collapse! 3 Endless
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
vGrabber
Video Web Camera
Welcome Center
Windows iLivid Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/1/2011 3:40:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/1/2011 3:36:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
12/1/2011 3:36:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
12/1/2011 3:31:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/1/2011 3:04:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
12/1/2011 3:04:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/1/2011 3:04:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/1/2011 3:04:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/1/2011 3:04:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaSvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
12/1/2011 3:03:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/1/2011 3:03:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
12/1/2011 10:13:51 AM, Error: Service Control Manager [7000] - The mferkdk service failed to start due to the following error: The specified procedure could not be found.
11/30/2011 7:21:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
11/30/2011 3:53:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/30/2011 3:53:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2011 3:53:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/30/2011 3:53:19 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/30/2011 3:53:19 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
11/30/2011 12:19:02 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/29/2011 9:25:09 AM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/29/2011 9:24:50 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 9:23:48 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 9:22:47 AM, Error: Service Control Manager [7034] - The Bandoo Coordinator service terminated unexpectedly. It has done this 2 time(s).
11/29/2011 9:22:46 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 9:21:45 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 9:21:44 AM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 9:21:44 AM, Error: Service Control Manager [7034] - The GRegService service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 9:21:44 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 9:21:44 AM, Error: Service Control Manager [7034] - The Acer ePower Service service terminated unexpectedly. It has done this 1 time(s).
11/29/2011 9:21:44 AM, Error: Service Control Manager [7031] - The Bandoo Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 9:21:44 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2011 2:30:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
11/29/2011 2:08:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/29/2011 12:09:44 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/29/2011 11:34:15 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/29/2011 10:48:11 AM, Error: Service Control Manager [7030] - The Local System Utility service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/29/2011 10:12:03 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/29/2011 10:12:03 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/29/2011 1:40:43 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
11/28/2011 9:13:09 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
.
==== End Of File ===========================

#4 CJSites

CJSites
  • Topic Starter

  • Members
  • 45 posts
  • Local time:03:24 PM

Posted 05 December 2011 - 10:00 AM

Spoke too soon. Radio ads playing again.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:24 PM

Posted 05 December 2011 - 02:59 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 CJSites

CJSites
  • Topic Starter

  • Members
  • 45 posts
  • Local time:03:24 PM

Posted 06 December 2011 - 06:23 AM

Hi Gringo. After Combofix it is still redirecting; here's the log. I will tell you that I've used Combofix before and I tried it for this already. I thought it worked the first time because it seemed to work for a short while, but the redirects returned. Thanks

ComboFix 11-12-05.04 - Owner 12/05/2011 15:28:27.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2540 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 20:58 . 2011-12-05 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-05 20:58 . 2011-12-05 20:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-12-02 13:30 . 2011-12-02 13:30 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 13:30 . 2011-12-02 13:30 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-02 13:18 . 2011-12-02 13:18 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedMaxPc
2011-12-02 13:18 . 2011-12-02 13:18 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
2011-12-02 13:18 . 2011-12-02 13:18 -------- d-----w- c:\program files (x86)\Common Files\SpeedMaxPc
2011-12-02 13:18 . 2011-12-02 13:22 -------- d-----w- c:\programdata\SpeedMaxPc
2011-12-01 18:58 . 2011-10-15 18:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-01 18:58 . 2011-10-18 19:32 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-01 18:58 . 2011-10-15 18:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-01 18:58 . 2011-10-15 18:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-01 18:58 . 2011-10-15 18:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-12-01 18:58 . 2011-10-15 18:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-01 18:58 . 2011-10-15 18:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-01 18:58 . 2011-10-15 18:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-01 18:58 . 2011-10-15 18:16 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-12-01 18:58 . 2011-10-15 18:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-01 14:19 . 2011-12-01 20:41 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-12-01 14:19 . 2011-12-01 19:04 -------- d-----w- c:\program files\McAfee
2011-12-01 14:19 . 2011-12-01 19:00 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-01 14:19 . 2011-12-01 20:41 -------- d-----w- c:\program files (x86)\McAfee
2011-11-30 21:21 . 2011-12-01 20:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-30 21:21 . 2011-12-01 20:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-29 21:14 . 2011-11-29 21:14 -------- d-----w- c:\windows\system32\SPReview
2011-11-29 21:00 . 2011-11-29 21:00 -------- d-----w- c:\windows\CheckSur
2011-11-29 18:50 . 2011-11-29 18:50 -------- d-----w- c:\program files\CCleaner
2011-11-25 01:42 . 2011-11-25 01:47 -------- d-----w- c:\users\Owner\AppData\Roaming\n1uvD2obFpGsJdK
2011-11-25 01:42 . 2011-11-25 01:42 -------- d-----w- c:\users\Owner\AppData\Roaming\eRZ9hYXwjVlBzNc
2011-11-25 01:37 . 2011-11-25 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\HUCekIBrzNx0v2b
2011-11-25 01:37 . 2011-11-25 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\vK8fRL9hTq
2011-11-23 21:48 . 2011-11-23 21:48 -------- d-----w- c:\users\Owner\AppData\Roaming\DUVelIBtzNc1v2b
2011-11-23 21:48 . 2011-11-23 21:48 -------- d-----w- c:\users\Owner\AppData\Roaming\AF4pmH5sQ7E8R9Y
2011-11-21 23:11 . 2011-11-21 23:11 -------- d-----w- c:\users\Owner\AppData\Roaming\SvD3onF4aH
2011-11-21 23:11 . 2011-11-21 23:11 -------- d-----w- c:\users\Owner\AppData\Roaming\CYCwkUVrlBx0c1
2011-11-20 17:07 . 2011-11-29 15:17 -------- d-----w- c:\program files (x86)\5BADF
2011-11-20 17:07 . 2011-11-29 15:17 -------- d-----w- c:\users\Owner\AppData\Roaming\AC95B
2011-11-20 17:07 . 2011-11-20 17:07 -------- d-----w- c:\users\Owner\AppData\Roaming\XpmGGsQJEK8fZhX
2011-11-20 17:07 . 2011-11-20 17:07 -------- d-----w- c:\users\Owner\AppData\Roaming\xIBttPPNcA1v2oF
2011-11-20 17:06 . 2011-11-20 17:06 -------- d-----w- c:\users\Owner\AppData\Roaming\HyyxA11vS2bFpGa
2011-11-20 17:06 . 2011-11-25 01:47 -------- d-----w- c:\users\Owner\AppData\Roaming\sK88gRZ9YXwjVlB
2011-11-20 17:06 . 2011-11-20 17:06 -------- d-----w- c:\users\Owner\AppData\Roaming\JwkkUVelBtzPyAi
2011-11-20 17:06 . 2011-11-20 17:06 -------- d-----w- c:\users\Owner\AppData\Roaming\R7ddEK8gZ9hYwUe
2011-11-20 17:06 . 2011-11-20 17:06 -------- d-----w- c:\users\Owner\AppData\Roaming\o99hTXwjUelIrPy
2011-11-18 22:23 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A2074DF-BB3B-43D7-8089-6C1539A720B0}\mpengine.dll
2011-11-17 23:03 . 2011-11-17 23:03 -------- d-----w- c:\windows\system32\Macromed
2011-11-17 23:00 . 2011-11-17 23:00 -------- d-----w- c:\program files\iPod
2011-11-17 23:00 . 2011-11-17 23:01 -------- d-----w- c:\program files\iTunes
2011-11-17 22:39 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-17 22:39 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-17 22:39 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-17 22:39 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-09 15:47 . 2011-11-09 15:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-09 15:47 . 2011-11-09 15:47 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-08 18:13 . 2011-11-08 18:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-11-08 18:13 . 2011-11-08 18:13 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 18:13 . 2011-12-01 21:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 15:48 . 2010-03-01 01:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-29 14:16 . 2010-09-30 02:22 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-29 14:11 . 2010-09-30 02:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-29 13:10 . 2010-01-28 22:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-17 23:03 . 2011-06-12 04:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-01 03:21 . 2011-10-11 21:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-11 21:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-27 00:46 . 2011-09-27 00:46 1316224 ----a-w- c:\windows\SysWow64\PhotoJoy Screensaver.scr
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-29_17.19.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-29 17:15 . 2011-11-29 17:15 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-01 14:29 . 2011-12-05 13:32 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-01 14:29 . 2011-12-05 13:32 16384 c:\windows\temp\History\History.IE5\index.dat
- 2011-11-29 17:15 . 2011-11-29 17:15 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2011-12-01 14:29 . 2011-12-05 13:32 32768 c:\windows\temp\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-05 17:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-01 17:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-01 17:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-05 17:55 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 17:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-05 17:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-04 21:10 . 2011-12-04 06:12 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-11-04 21:10 . 2011-11-29 16:32 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-10 03:46 . 2011-12-01 20:43 38040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-05 13:34 38548 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-14 22:39 . 2011-12-05 13:34 11342 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1251479114-3324364789-4273164213-1000_UserData.bin
- 2009-07-14 05:30 . 2011-11-17 22:59 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-01 18:59 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-12-01 18:58 . 2011-10-15 18:16 75808 c:\windows\system32\DriverStore\FileRepository\mfenlfk.inf_amd64_neutral_acec8c424d80b3f4\mfenlfk.sys
+ 2010-01-28 02:30 . 2011-12-05 13:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-28 02:30 . 2011-11-29 17:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-29 20:00 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-11-04 20:58 . 2011-11-29 17:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-04 20:58 . 2011-12-05 13:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-04 20:58 . 2011-11-29 17:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-04 20:58 . 2011-12-05 13:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-04 20:58 . 2011-11-29 17:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-11-04 20:58 . 2011-12-05 13:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-28 02:30 . 2011-12-05 13:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-28 02:30 . 2011-11-29 17:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-28 02:30 . 2011-11-29 17:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-28 02:30 . 2011-12-05 13:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-14 22:39 . 2011-11-29 17:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-14 22:39 . 2011-12-05 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-14 22:39 . 2011-11-29 17:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-14 22:39 . 2011-12-05 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-05 13:32 . 2011-12-05 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-29 17:17 . 2011-11-29 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-05 13:32 . 2011-12-05 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-29 17:17 . 2011-11-29 17:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-01 18:58 . 2011-12-01 18:58 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2011-12-01 18:58 . 2011-12-01 18:58 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2011-12-01 18:58 . 2011-12-01 18:58 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2010-01-15 13:51 . 2011-12-04 20:29 283844 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-11-08 21:52 . 2011-11-08 21:51 263168 c:\windows\system32\SPReview\spwizui.dll
+ 2011-11-29 21:14 . 2011-11-29 21:13 263168 c:\windows\system32\SPReview\spwizui.dll
- 2011-11-08 21:52 . 2011-11-08 21:51 301568 c:\windows\system32\SPReview\spreview.exe
+ 2011-11-29 21:14 . 2011-11-29 21:13 301568 c:\windows\system32\SPReview\spreview.exe
+ 2011-11-29 21:14 . 2011-11-29 21:13 238592 c:\windows\system32\SPReview\sperror.dll
- 2011-11-08 21:52 . 2011-11-08 21:51 238592 c:\windows\system32\SPReview\sperror.dll
- 2009-07-14 02:36 . 2011-11-29 15:16 636630 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-05 13:37 636630 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-05 13:37 110746 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-29 15:16 110746 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-12-01 18:59 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-17 22:59 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-09 15:19 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-12-01 18:59 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-01-17 19:14 . 2011-12-01 19:14 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-01-17 19:14 . 2011-11-08 21:34 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-12-04 20:30 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-29 17:16 308556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-02 13:29 . 2011-12-02 13:29 1402880 c:\windows\Installer\39c80c8.msi
+ 2009-07-14 02:34 . 2011-12-05 13:46 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-29 13:13 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f2c43291-151e-499c-98a7-923c120b88fa}"= "c:\program files (x86)\PhotoJoy_US\prxtbPho0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f2c43291-151e-499c-98a7-923c120b88fa}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f2c43291-151e-499c-98a7-923c120b88fa}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\PhotoJoy_US\prxtbPho0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f2c43291-151e-499c-98a7-923c120b88fa}"= "c:\program files (x86)\PhotoJoy_US\prxtbPho0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f2c43291-151e-499c-98a7-923c120b88fa}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files (x86)\ARO 2011\ARO.exe" [2011-01-25 2312048]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-29 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2009-12-17 1795488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 255744]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-10 332272]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1251479114-3324364789-4273164213-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 03:18]
.
2011-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1251479114-3324364789-4273164213-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-19 03:18]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 06:11]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-10 03:39 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = http=127.0.0.1:54929
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.253
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{F2C43291-151E-499C-98A7-923C120B88FA} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-05 16:21:02
ComboFix-quarantined-files.txt 2011-12-05 21:20
ComboFix2.txt 2011-11-30 17:39
ComboFix3.txt 2011-11-29 17:44
ComboFix4.txt 2011-11-08 21:37
.
Pre-Run: 436,174,012,416 bytes free
Post-Run: 436,100,096,000 bytes free
.
- - End Of File - - 74A6130DC98AEDDB8C5B3108159F77D0
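The loading points and proxy settings in the ComboFix log above are what a responder reads first for a redirect complaint. The script below is an added example written for this edit, not code from the thread, from ComboFix or from BleepingComputer. It parses the plain-text formats ComboFix uses for the 'Reg Loading Points', x86-64 and 'Supplementary Scan' sections and flags the entries that matter most: AppInit_DLLs values (DLLs mapped into every process that loads user32.dll, browsers included), a ProxyServer pointing at the loopback interface (a local process sitting between the browser and the network, which is how search-result clicks get rewritten), UAC switched off, and Run/BHO/toolbar loading points that live in user-writable directories. The sample input is constructed from lines copied out of the log above; the severity labels and the `triage`, `worst` and `_first_int` names are this example's own, and nothing here classifies a file as malicious, it only orders what to look at.

```python
"""Triage of the 'Reg Loading Points' / 'Supplementary Scan' sections of a
ComboFix log. Added example for this thread; not part of ComboFix or the
original posts. It flags what a responder reads first for a browser redirect."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix log in this thread
# (paths, CLSIDs and values unchanged); not a complete report.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f2c43291-151e-499c-98a7-923c120b88fa}"= "c:\program files (x86)\PhotoJoy_US\prxtbPho0.dll" [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f2c43291-151e-499c-98a7-923c120b88fa}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\PhotoJoy_US\prxtbPho0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-29 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-11-10 03:39 750064 ----a-w- c:\programdata\Partner\Partner64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = http=127.0.0.1:54929
TCP: DhcpNameServer = 192.168.1.253
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
FILE_LINE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$')
INET_RE = re.compile(r'^(?P<scope>[um])Internet Settings,(?P<name>\w+)\s*=\s*(?P<val>.+)$')
LOOPBACK_RE = re.compile(r'(?:^|[=;])(?:127\.\d+\.\d+\.\d+|localhost)', re.IGNORECASE)

# Keys whose values are programs or DLLs loaded at logon or by the browser.
AUTOSTART_HINTS = ('currentversion\\run', 'urlsearchhooks',
                   'internet explorer\\toolbar', 'browser helper objects')
# Locations a standard user can write to; a loading point there deserves a look.
USER_WRITABLE = ('c:/programdata/', 'c:/users/', 'c:/windows/temp/')
SEVERITY_ORDER = ('info', 'review', 'medium', 'high')
Finding = Dict[str, str]


def _first_int(val: str) -> Optional[int]:
    """'0 (0x0)' -> 0; None when the value is not numeric."""
    tokens = val.split()
    try:
        return int(tokens[0], 0) if tokens else None
    except ValueError:
        return None


def _loading_point(key: str, name: str, path: str) -> Finding:
    normalised = path.lower().replace('\\', '/')
    severity = 'review' if normalised.startswith(USER_WRITABLE) else 'info'
    return {'severity': severity, 'kind': 'loading_point', 'where': key,
            'detail': f'{name} -> {path}'}


def triage(log: str) -> List[Finding]:
    """Walk the log once and return findings in the order they appear."""
    findings: List[Finding] = []
    key = ''
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = INET_RE.match(line)
        if m:
            # Loopback ProxyServer: a local process relays all browser traffic.
            if m.group('name').lower() == 'proxyserver':
                value = m.group('val').strip()
                sev = 'high' if LOOPBACK_RE.search(value) else 'review'
                findings.append({'severity': sev, 'kind': 'proxy', 'detail': value,
                                 'where': m.group('scope') + 'Internet Settings'})
            continue
        m = VALUE_RE.match(line)
        if m:
            name, val = m.group('name'), m.group('val').strip()
            lname, lkey = name.lower(), key.lower()
            if lname == 'appinit_dlls' and val:
                # Each DLL here is mapped into every process that loads user32.dll.
                for dll in re.split(r'[\s,]+', val):
                    findings.append({'severity': 'high', 'kind': 'appinit_dll',
                                     'where': key, 'detail': dll})
            elif lname == 'enablelua' and _first_int(val) == 0:
                findings.append({'severity': 'high', 'kind': 'uac_disabled',
                                 'where': key, 'detail': f'{name}= {val}'})
            elif lname == 'consentpromptbehavioradmin' and _first_int(val) == 0:
                findings.append({'severity': 'medium', 'kind': 'uac_no_prompt',
                                 'where': key, 'detail': f'{name}= {val}'})
            elif any(h in lkey for h in AUTOSTART_HINTS):
                quoted = re.match(r'"([^"]+)"', val)
                if quoted:
                    findings.append(_loading_point(key, name, quoted.group(1)))
            continue
        m = FILE_LINE_RE.match(line)
        if m and 'browser helper objects' in key.lower():
            # BHO keys list the DLL on the following line, not as a named value.
            findings.append(_loading_point(key, '(BHO)', m.group('path')))
    return findings


def worst(findings: List[Finding]) -> str:
    """Highest severity present; 'info' for an empty list."""
    return max((f['severity'] for f in findings), key=SEVERITY_ORDER.index, default='info')


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:14} {f['detail']}  ({f['where']})")
```

Run against the sample, the five AppInit_DLLs entries, the loopback proxy on port 54929 and EnableLUA=0 come out as high, the Partner64.dll BHO under c:\programdata as review, and the toolbar, search hook and Run entries under Program Files as info. The point of the ordering is that the proxy and the AppInit_DLLs entries explain a redirect by themselves, while a toolbar in Program Files is only context; a real run would feed the whole report through `triage()` rather than the excerpt.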

#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 December 2011 - 07:56 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 CJSites

CJSites
  • Topic Starter
  • Members
  • 45 posts

Posted 06 December 2011 - 09:55 AM

No threats found. Here is the log:

09:48:30.0643 1792 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:48:30.0814 1792 ============================================================
09:48:30.0814 1792 Current date / time: 2011/12/06 09:48:30.0814
09:48:30.0814 1792 SystemInfo:
09:48:30.0814 1792
09:48:30.0814 1792 OS Version: 6.1.7600 ServicePack: 0.0
09:48:30.0814 1792 Product type: Workstation
09:48:30.0814 1792 ComputerName: OWNER-PC
09:48:30.0814 1792 UserName: Owner
09:48:30.0814 1792 Windows directory: C:\Windows
09:48:30.0814 1792 System windows directory: C:\Windows
09:48:30.0814 1792 Running under WOW64
09:48:30.0814 1792 Processor architecture: Intel x64
09:48:30.0814 1792 Number of processors: 4
09:48:30.0814 1792 Page size: 0x1000
09:48:30.0814 1792 Boot type: Normal boot
09:48:30.0814 1792 ============================================================
09:48:31.0298 1792 Initialize success
09:48:36.0696 3264 ============================================================
09:48:36.0696 3264 Scan started
09:48:36.0696 3264 Mode: Manual;
09:48:36.0696 3264 ============================================================
09:48:37.0366 3264 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:48:37.0366 3264 1394ohci - ok
09:48:37.0429 3264 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
09:48:37.0444 3264 ACPI - ok
09:48:37.0538 3264 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
09:48:37.0538 3264 AcpiPmi - ok
09:48:37.0585 3264 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:48:37.0600 3264 adp94xx - ok
09:48:37.0663 3264 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:48:37.0663 3264 adpahci - ok
09:48:37.0741 3264 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:48:37.0756 3264 adpu320 - ok
09:48:37.0834 3264 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
09:48:37.0850 3264 AFD - ok
09:48:37.0897 3264 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
09:48:37.0897 3264 agp440 - ok
09:48:38.0006 3264 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
09:48:38.0006 3264 aliide - ok
09:48:38.0053 3264 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
09:48:38.0053 3264 amdide - ok
09:48:38.0084 3264 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:48:38.0084 3264 AmdK8 - ok
09:48:38.0115 3264 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:48:38.0115 3264 AmdPPM - ok
09:48:38.0146 3264 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
09:48:38.0162 3264 amdsata - ok
09:48:38.0193 3264 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:48:38.0193 3264 amdsbs - ok
09:48:38.0240 3264 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
09:48:38.0240 3264 amdxata - ok
09:48:38.0287 3264 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
09:48:38.0287 3264 AppID - ok
09:48:38.0427 3264 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:48:38.0427 3264 arc - ok
09:48:38.0443 3264 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:48:38.0458 3264 arcsas - ok
09:48:38.0490 3264 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:48:38.0490 3264 AsyncMac - ok
09:48:38.0521 3264 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
09:48:38.0521 3264 atapi - ok
09:48:38.0599 3264 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
09:48:38.0630 3264 athr - ok
09:48:38.0770 3264 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:48:38.0770 3264 b06bdrv - ok
09:48:38.0817 3264 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:48:38.0817 3264 b57nd60a - ok
09:48:38.0958 3264 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:48:38.0958 3264 Beep - ok
09:48:39.0067 3264 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:48:39.0067 3264 blbdrive - ok
09:48:39.0207 3264 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
09:48:39.0207 3264 bowser - ok
09:48:39.0254 3264 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:48:39.0254 3264 BrFiltLo - ok
09:48:39.0270 3264 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:48:39.0270 3264 BrFiltUp - ok
09:48:39.0316 3264 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:48:39.0316 3264 Brserid - ok
09:48:39.0332 3264 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:48:39.0332 3264 BrSerWdm - ok
09:48:39.0363 3264 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:48:39.0363 3264 BrUsbMdm - ok
09:48:39.0394 3264 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:48:39.0394 3264 BrUsbSer - ok
09:48:39.0441 3264 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:48:39.0441 3264 BTHMODEM - ok
09:48:39.0597 3264 catchme - ok
09:48:39.0691 3264 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
09:48:39.0706 3264 CAXHWAZL - ok
09:48:39.0722 3264 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:48:39.0722 3264 cdfs - ok
09:48:39.0769 3264 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
09:48:39.0784 3264 cdrom - ok
09:48:39.0909 3264 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
09:48:39.0909 3264 cfwids - ok
09:48:39.0956 3264 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:48:39.0956 3264 circlass - ok
09:48:40.0050 3264 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:48:40.0050 3264 CLFS - ok
09:48:40.0159 3264 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:48:40.0159 3264 CmBatt - ok
09:48:40.0174 3264 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
09:48:40.0174 3264 cmdide - ok
09:48:40.0221 3264 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
09:48:40.0237 3264 CNG - ok
09:48:40.0346 3264 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:48:40.0346 3264 Compbatt - ok
09:48:40.0393 3264 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:48:40.0393 3264 CompositeBus - ok
09:48:40.0440 3264 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:48:40.0440 3264 crcdisk - ok
09:48:40.0518 3264 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
09:48:40.0518 3264 DfsC - ok
09:48:40.0564 3264 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:48:40.0564 3264 discache - ok
09:48:40.0611 3264 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:48:40.0611 3264 Disk - ok
09:48:40.0642 3264 DKbFltr - ok
09:48:40.0752 3264 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:48:40.0752 3264 drmkaud - ok
09:48:40.0861 3264 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
09:48:40.0892 3264 DXGKrnl - ok
09:48:41.0048 3264 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:48:41.0313 3264 ebdrv - ok
09:48:41.0454 3264 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:48:41.0485 3264 elxstor - ok
09:48:41.0594 3264 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
09:48:41.0594 3264 ErrDev - ok
09:48:41.0672 3264 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:48:41.0672 3264 exfat - ok
09:48:41.0703 3264 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:48:41.0703 3264 fastfat - ok
09:48:41.0828 3264 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:48:41.0828 3264 fdc - ok
09:48:41.0875 3264 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:48:41.0875 3264 FileInfo - ok
09:48:41.0890 3264 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:48:41.0906 3264 Filetrace - ok
09:48:41.0968 3264 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:48:41.0984 3264 flpydisk - ok
09:48:42.0015 3264 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
09:48:42.0031 3264 FltMgr - ok
09:48:42.0078 3264 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:48:42.0078 3264 FsDepends - ok
09:48:42.0093 3264 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:48:42.0093 3264 Fs_Rec - ok
09:48:42.0140 3264 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:48:42.0140 3264 fvevol - ok
09:48:42.0265 3264 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:48:42.0265 3264 gagp30kx - ok
09:48:42.0358 3264 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:48:42.0358 3264 GEARAspiWDM - ok
09:48:42.0499 3264 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:48:42.0499 3264 hcw85cir - ok
09:48:42.0530 3264 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
09:48:42.0546 3264 HdAudAddService - ok
09:48:42.0655 3264 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:48:42.0655 3264 HDAudBus - ok
09:48:42.0717 3264 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:48:42.0733 3264 HECIx64 - ok
09:48:42.0764 3264 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:48:42.0764 3264 HidBatt - ok
09:48:42.0780 3264 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:48:42.0795 3264 HidBth - ok
09:48:42.0858 3264 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:48:42.0858 3264 HidIr - ok
09:48:42.0936 3264 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
09:48:42.0936 3264 HidUsb - ok
09:48:43.0060 3264 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:48:43.0060 3264 HpSAMD - ok
09:48:43.0138 3264 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
09:48:43.0185 3264 HSF_DPV - ok
09:48:43.0310 3264 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
09:48:43.0310 3264 HTTP - ok
09:48:43.0357 3264 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
09:48:43.0357 3264 hwpolicy - ok
09:48:43.0435 3264 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:48:43.0435 3264 i8042prt - ok
09:48:43.0497 3264 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
09:48:43.0497 3264 iaStor - ok
09:48:43.0575 3264 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
09:48:43.0591 3264 iaStorV - ok
09:48:43.0856 3264 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:48:44.0059 3264 igfx - ok
09:48:44.0184 3264 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:48:44.0184 3264 iirsp - ok
09:48:44.0277 3264 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
09:48:44.0277 3264 Impcd - ok
09:48:44.0371 3264 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
09:48:44.0449 3264 IntcAzAudAddService - ok
09:48:44.0558 3264 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:48:44.0558 3264 IntcDAud - ok
09:48:44.0667 3264 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
09:48:44.0667 3264 intelide - ok
09:48:44.0698 3264 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:48:44.0714 3264 intelppm - ok
09:48:44.0823 3264 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:48:44.0839 3264 IpFilterDriver - ok
09:48:44.0870 3264 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:48:44.0870 3264 IPMIDRV - ok
09:48:44.0948 3264 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:48:44.0948 3264 IPNAT - ok
09:48:45.0073 3264 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:48:45.0073 3264 IRENUM - ok
09:48:45.0182 3264 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
09:48:45.0182 3264 isapnp - ok
09:48:45.0213 3264 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
09:48:45.0213 3264 iScsiPrt - ok
09:48:45.0276 3264 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
09:48:45.0276 3264 k57nd60a - ok
09:48:45.0354 3264 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:48:45.0354 3264 kbdclass - ok
09:48:45.0385 3264 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
09:48:45.0385 3264 kbdhid - ok
09:48:45.0416 3264 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
09:48:45.0416 3264 KSecDD - ok
09:48:45.0463 3264 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
09:48:45.0463 3264 KSecPkg - ok
09:48:45.0494 3264 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:48:45.0494 3264 ksthunk - ok
09:48:45.0650 3264 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:48:45.0650 3264 lltdio - ok
09:48:45.0790 3264 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:48:45.0790 3264 LSI_FC - ok
09:48:45.0822 3264 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:48:45.0822 3264 LSI_SAS - ok
09:48:45.0853 3264 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:48:45.0853 3264 LSI_SAS2 - ok
09:48:45.0884 3264 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:48:45.0884 3264 LSI_SCSI - ok
09:48:45.0915 3264 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:48:45.0915 3264 luafv - ok
09:48:46.0087 3264 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:48:46.0087 3264 mdmxsdk - ok
09:48:46.0118 3264 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:48:46.0118 3264 megasas - ok
09:48:46.0149 3264 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:48:46.0149 3264 MegaSR - ok
09:48:46.0212 3264 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
09:48:46.0212 3264 mfeapfk - ok
09:48:46.0290 3264 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
09:48:46.0290 3264 mfeavfk - ok
09:48:46.0383 3264 mfeavfk01 - ok
09:48:46.0446 3264 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
09:48:46.0461 3264 mfefirek - ok
09:48:46.0586 3264 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
09:48:46.0617 3264 mfehidk - ok
09:48:46.0742 3264 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
09:48:46.0742 3264 mfenlfk - ok
09:48:46.0851 3264 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
09:48:46.0851 3264 mferkdet - ok
09:48:46.0976 3264 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
09:48:46.0976 3264 mfewfpk - ok
09:48:47.0038 3264 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:48:47.0038 3264 Modem - ok
09:48:47.0085 3264 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:48:47.0085 3264 monitor - ok
09:48:47.0148 3264 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
09:48:47.0148 3264 motandroidusb - ok
09:48:47.0288 3264 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:48:47.0288 3264 mouclass - ok
09:48:47.0350 3264 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:48:47.0366 3264 mouhid - ok
09:48:47.0413 3264 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:48:47.0413 3264 mountmgr - ok
09:48:47.0475 3264 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:48:47.0475 3264 mpio - ok
09:48:47.0522 3264 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:48:47.0522 3264 mpsdrv - ok
09:48:47.0584 3264 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:48:47.0584 3264 MRxDAV - ok
09:48:47.0616 3264 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:48:47.0631 3264 mrxsmb - ok
09:48:47.0662 3264 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:48:47.0678 3264 mrxsmb10 - ok
09:48:47.0725 3264 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:48:47.0725 3264 mrxsmb20 - ok
09:48:47.0756 3264 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
09:48:47.0756 3264 msahci - ok
09:48:47.0787 3264 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:48:47.0787 3264 msdsm - ok
09:48:47.0818 3264 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:48:47.0818 3264 Msfs - ok
09:48:47.0850 3264 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:48:47.0865 3264 mshidkmdf - ok
09:48:47.0881 3264 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:48:47.0881 3264 msisadrv - ok
09:48:48.0006 3264 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:48:48.0006 3264 MSKSSRV - ok
09:48:48.0037 3264 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:48:48.0037 3264 MSPCLOCK - ok
09:48:48.0052 3264 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:48:48.0052 3264 MSPQM - ok
09:48:48.0099 3264 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:48:48.0115 3264 MsRPC - ok
09:48:48.0130 3264 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:48:48.0130 3264 mssmbios - ok
09:48:48.0177 3264 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:48:48.0177 3264 MSTEE - ok
09:48:48.0208 3264 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:48:48.0208 3264 MTConfig - ok
09:48:48.0240 3264 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:48:48.0240 3264 Mup - ok
09:48:48.0318 3264 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:48:48.0333 3264 NativeWifiP - ok
09:48:48.0396 3264 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:48:48.0427 3264 NDIS - ok
09:48:48.0489 3264 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:48:48.0489 3264 NdisCap - ok
09:48:48.0520 3264 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:48:48.0520 3264 NdisTapi - ok
09:48:48.0567 3264 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:48:48.0567 3264 Ndisuio - ok
09:48:48.0598 3264 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:48:48.0598 3264 NdisWan - ok
09:48:48.0661 3264 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:48:48.0661 3264 NDProxy - ok
09:48:48.0708 3264 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:48:48.0708 3264 NetBIOS - ok
09:48:48.0754 3264 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:48:48.0754 3264 NetBT - ok
09:48:48.0895 3264 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:48:48.0895 3264 nfrd960 - ok
09:48:48.0942 3264 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:48:48.0942 3264 Npfs - ok
09:48:48.0988 3264 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:48:48.0988 3264 nsiproxy - ok
09:48:49.0066 3264 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
09:48:49.0082 3264 Ntfs - ok
09:48:49.0191 3264 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
09:48:49.0191 3264 NTIDrvr - ok
09:48:49.0222 3264 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:48:49.0222 3264 Null - ok
09:48:49.0285 3264 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
09:48:49.0285 3264 nvraid - ok
09:48:49.0394 3264 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
09:48:49.0394 3264 nvstor - ok
09:48:49.0456 3264 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:48:49.0472 3264 nv_agp - ok
09:48:49.0488 3264 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:48:49.0488 3264 ohci1394 - ok
09:48:49.0534 3264 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:48:49.0534 3264 Parport - ok
09:48:49.0566 3264 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
09:48:49.0566 3264 partmgr - ok
09:48:49.0597 3264 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:48:49.0597 3264 pci - ok
09:48:49.0644 3264 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:48:49.0644 3264 pciide - ok
09:48:49.0690 3264 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:48:49.0690 3264 pcmcia - ok
09:48:49.0706 3264 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:48:49.0722 3264 pcw - ok
09:48:49.0753 3264 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:48:49.0784 3264 PEAUTH - ok
09:48:49.0924 3264 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:48:49.0940 3264 PptpMiniport - ok
09:48:49.0956 3264 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:48:49.0971 3264 Processor - ok
09:48:50.0034 3264 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:48:50.0034 3264 Psched - ok
09:48:50.0065 3264 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:48:50.0080 3264 PxHlpa64 - ok
09:48:50.0221 3264 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:48:50.0268 3264 ql2300 - ok
09:48:50.0314 3264 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:48:50.0314 3264 ql40xx - ok
09:48:50.0346 3264 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:48:50.0346 3264 QWAVEdrv - ok
09:48:50.0377 3264 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:48:50.0377 3264 RasAcd - ok
09:48:50.0424 3264 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:48:50.0424 3264 RasAgileVpn - ok
09:48:50.0502 3264 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:48:50.0502 3264 Rasl2tp - ok
09:48:50.0548 3264 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:48:50.0548 3264 RasPppoe - ok
09:48:50.0611 3264 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:48:50.0626 3264 RasSstp - ok
09:48:50.0658 3264 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:48:50.0658 3264 rdbss - ok
09:48:50.0673 3264 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:48:50.0673 3264 rdpbus - ok
09:48:50.0704 3264 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:48:50.0704 3264 RDPCDD - ok
09:48:50.0782 3264 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:48:50.0782 3264 RDPENCDD - ok
09:48:50.0829 3264 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:48:50.0829 3264 RDPREFMP - ok
09:48:50.0860 3264 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
09:48:50.0860 3264 RDPWD - ok
09:48:50.0954 3264 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:48:50.0970 3264 rdyboost - ok
09:48:51.0094 3264 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:48:51.0110 3264 rspndr - ok
09:48:51.0188 3264 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\System32\Drivers\RtsUStor.sys
09:48:51.0188 3264 RSUSBSTOR - ok
09:48:51.0235 3264 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:48:51.0235 3264 sbp2port - ok
09:48:51.0282 3264 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:48:51.0297 3264 scfilter - ok
09:48:51.0391 3264 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:48:51.0391 3264 secdrv - ok
09:48:51.0438 3264 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:48:51.0438 3264 Serenum - ok
09:48:51.0516 3264 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:48:51.0516 3264 Serial - ok
09:48:51.0578 3264 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:48:51.0578 3264 sermouse - ok
09:48:51.0625 3264 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:48:51.0625 3264 sffdisk - ok
09:48:51.0640 3264 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:48:51.0656 3264 sffp_mmc - ok
09:48:51.0672 3264 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:48:51.0672 3264 sffp_sd - ok
09:48:51.0703 3264 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:48:51.0703 3264 sfloppy - ok
09:48:51.0859 3264 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:48:51.0859 3264 SiSRaid2 - ok
09:48:51.0874 3264 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:48:51.0890 3264 SiSRaid4 - ok
09:48:51.0921 3264 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:48:51.0921 3264 Smb - ok
09:48:51.0999 3264 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:48:51.0999 3264 spldr - ok
09:48:52.0062 3264 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
09:48:52.0077 3264 srv - ok
09:48:52.0186 3264 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
09:48:52.0186 3264 srv2 - ok
09:48:52.0280 3264 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:48:52.0280 3264 SrvHsfHDA - ok
09:48:52.0342 3264 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:48:52.0374 3264 SrvHsfV92 - ok
09:48:52.0452 3264 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:48:52.0467 3264 SrvHsfWinac - ok
09:48:52.0561 3264 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
09:48:52.0561 3264 srvnet - ok
09:48:52.0623 3264 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:48:52.0623 3264 stexstor - ok
09:48:52.0686 3264 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:48:52.0686 3264 swenum - ok
09:48:52.0764 3264 SynTP (ecb9097c86db32bf3940590e0e1792c3) C:\Windows\system32\DRIVERS\SynTP.sys
09:48:52.0779 3264 SynTP - ok
09:48:52.0951 3264 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
09:48:52.0966 3264 Tcpip - ok
09:48:53.0044 3264 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
09:48:53.0060 3264 TCPIP6 - ok
09:48:53.0122 3264 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:48:53.0122 3264 tcpipreg - ok
09:48:53.0185 3264 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:48:53.0185 3264 TDPIPE - ok
09:48:53.0200 3264 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:48:53.0216 3264 TDTCP - ok
09:48:53.0247 3264 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:48:53.0247 3264 tdx - ok
09:48:53.0294 3264 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:48:53.0294 3264 TermDD - ok
09:48:53.0372 3264 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:48:53.0372 3264 tssecsrv - ok
09:48:53.0481 3264 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
09:48:53.0481 3264 tunnel - ok
09:48:53.0512 3264 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:48:53.0512 3264 uagp35 - ok
09:48:53.0575 3264 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
09:48:53.0575 3264 UBHelper - ok
09:48:53.0622 3264 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
09:48:53.0637 3264 udfs - ok
09:48:53.0700 3264 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:48:53.0700 3264 uliagpkx - ok
09:48:53.0778 3264 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
09:48:53.0778 3264 umbus - ok
09:48:53.0824 3264 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:48:53.0824 3264 UmPass - ok
09:48:53.0949 3264 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:48:53.0949 3264 USBAAPL64 - ok
09:48:54.0058 3264 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
09:48:54.0074 3264 usbccgp - ok
09:48:54.0183 3264 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
09:48:54.0183 3264 usbcir - ok
09:48:54.0261 3264 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
09:48:54.0261 3264 usbehci - ok
09:48:54.0308 3264 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
09:48:54.0308 3264 usbhub - ok
09:48:54.0355 3264 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
09:48:54.0370 3264 usbohci - ok
09:48:54.0433 3264 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:48:54.0448 3264 usbprint - ok
09:48:54.0495 3264 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:48:54.0495 3264 USBSTOR - ok
09:48:54.0542 3264 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
09:48:54.0542 3264 usbuhci - ok
09:48:54.0667 3264 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
09:48:54.0667 3264 usbvideo - ok
09:48:54.0714 3264 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:48:54.0714 3264 vdrvroot - ok
09:48:54.0760 3264 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:48:54.0776 3264 vga - ok
09:48:54.0807 3264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:48:54.0807 3264 VgaSave - ok
09:48:54.0838 3264 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:48:54.0838 3264 vhdmp - ok
09:48:54.0870 3264 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:48:54.0870 3264 viaide - ok
09:48:54.0948 3264 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:48:54.0948 3264 volmgr - ok
09:48:54.0979 3264 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:48:54.0979 3264 volmgrx - ok
09:48:55.0010 3264 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:48:55.0010 3264 volsnap - ok
09:48:55.0057 3264 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:48:55.0057 3264 vsmraid - ok
09:48:55.0088 3264 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:48:55.0088 3264 vwifibus - ok
09:48:55.0119 3264 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:48:55.0119 3264 vwififlt - ok
09:48:55.0166 3264 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:48:55.0166 3264 vwifimp - ok
09:48:55.0244 3264 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:48:55.0244 3264 WacomPen - ok
09:48:55.0291 3264 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:48:55.0291 3264 WANARP - ok
09:48:55.0306 3264 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:48:55.0306 3264 Wanarpv6 - ok
09:48:55.0431 3264 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:48:55.0431 3264 Wd - ok
09:48:55.0462 3264 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:48:55.0494 3264 Wdf01000 - ok
09:48:55.0618 3264 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:48:55.0618 3264 WfpLwf - ok
09:48:55.0728 3264 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:48:55.0728 3264 WIMMount - ok
09:48:55.0774 3264 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
09:48:55.0806 3264 winachsf - ok
09:48:55.0946 3264 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
09:48:55.0946 3264 WinUsb - ok
09:48:55.0977 3264 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:48:55.0977 3264 WmiAcpi - ok
09:48:56.0102 3264 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:48:56.0118 3264 ws2ifsl - ok
09:48:56.0164 3264 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:48:56.0164 3264 WudfPf - ok
09:48:56.0211 3264 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:48:56.0211 3264 WUDFRd - ok
09:48:56.0289 3264 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
09:48:56.0289 3264 XAudio - ok
09:48:56.0367 3264 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:48:56.0383 3264 \Device\Harddisk0\DR0 - ok
09:48:56.0398 3264 Boot (0x1200) (e127ce295c5b5a91cf9efa8da941dd40) \Device\Harddisk0\DR0\Partition0
09:48:56.0398 3264 \Device\Harddisk0\DR0\Partition0 - ok
09:48:56.0414 3264 Boot (0x1200) (94aa92581e65a21fb0ebf925d3fe7538) \Device\Harddisk0\DR0\Partition1
09:48:56.0414 3264 \Device\Harddisk0\DR0\Partition1 - ok
09:48:56.0414 3264 ============================================================
09:48:56.0414 3264 Scan finished
09:48:56.0414 3264 ============================================================
09:48:56.0430 4356 Detected object count: 0
09:48:56.0430 4356 Actual detected object count: 0

#9 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 December 2011 - 12:39 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 CJSites (Topic Starter, Members)

Posted 06 December 2011 - 02:57 PM

Here is the log from aswMBR

Thanks

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-06 14:54:33
-----------------------------
14:54:33.776 OS Version: Windows x64 6.1.7600
14:54:33.776 Number of processors: 4 586 0x2502
14:54:33.776 ComputerName: OWNER-PC UserName: Owner
14:54:34.977 Initialize success
14:54:54.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:54.578 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
14:54:54.656 Disk 0 MBR read successfully
14:54:54.656 Disk 0 MBR scan
14:54:54.656 Disk 0 TDL4@MBR code has been found
14:54:54.672 Disk 0 Windows 7 default MBR code found via API
14:54:54.672 Disk 0 MBR hidden
14:54:54.672 Disk 0 MBR [TDL4] **ROOTKIT**
14:54:54.687 Disk 0 trace - called modules:
14:54:54.687 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004c0b334]<<
14:54:54.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bea310]
14:54:54.703 3 CLASSPNP.SYS[fffff8800187343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b05050]
14:54:54.703 \Driver\iaStor[0xfffffa8004aba730] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004c0b334
14:54:54.703 Scan finished successfully
14:55:31.644 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:55:31.644 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
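The aswMBR output above is the decisive evidence in this thread: the MBR reads as stock Windows 7 through the API but carries TDL4 code on disk (the "MBR hidden" line), and the trace shows iaStor's IRP_MJ_INTERNAL_DEVICE_CONTROL dispatch pointing at an address aswMBR cannot attribute to any loaded module. The Python below is an added example, my own code and not part of aswMBR, BleepingComputer or this post; it parses lines copied from the log above, flags the hidden-MBR and **ROOTKIT** indicators per disk, and cross-references the >>UNKNOWN<< address against the driver dispatch trace so the hook is reported explicitly. The regular expressions are written against the line shapes visible in this post only (other aswMBR builds may format lines differently), and the clean log is constructed for contrast.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Lines copied from the aswMBR log posted above: a genuine TDL4 hit on Disk 0.
INFECTED_LOG = r"""
14:54:33.776 OS Version: Windows x64 6.1.7600
14:54:54.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:54.656 Disk 0 MBR read successfully
14:54:54.656 Disk 0 MBR scan
14:54:54.656 Disk 0 TDL4@MBR code has been found
14:54:54.672 Disk 0 Windows 7 default MBR code found via API
14:54:54.672 Disk 0 MBR hidden
14:54:54.672 Disk 0 MBR [TDL4] **ROOTKIT**
14:54:54.687 Disk 0 trace - called modules:
14:54:54.687 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004c0b334]<<
14:54:54.703 \Driver\iaStor[0xfffffa8004aba730] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004c0b334
14:54:54.703 Scan finished successfully
"""

# Constructed clean counterpart (hypothetical output, used only for contrast).
CLEAN_LOG = r"""
10:00:00.000 OS Version: Windows x64 6.1.7600
10:00:01.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:00:01.100 Disk 0 MBR read successfully
10:00:01.100 Disk 0 MBR scan
10:00:01.100 Disk 0 Windows 7 default MBR code
10:00:02.000 Scan finished successfully
"""

# Line shapes taken from the post above; other aswMBR versions may differ.
DISK_RE = re.compile(r"^Disk (?P<disk>\d+)\b")
FOUND_RE = re.compile(r"^Disk \d+ (?P<family>\S+)@MBR code has been found$")
HIDDEN_RE = re.compile(r"^Disk \d+ MBR hidden$")
ROOTKIT_RE = re.compile(r"^Disk \d+ MBR \[(?P<family>[^\]]+)\] \*\*ROOTKIT\*\*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")
DISPATCH_RE = re.compile(
    r"^\\Driver\\(?P<driver>[^\[]+)\[0x[0-9a-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-f]+)$"
)


@dataclass
class DiskFinding:
    disk: int
    families: set[str] = field(default_factory=set)          # e.g. {"TDL4"}
    mbr_hidden: bool = False                                 # API view of the MBR differs from the raw read
    rootkit_flagged: bool = False                            # aswMBR's own **ROOTKIT** verdict
    unknown_hooks: list[str] = field(default_factory=list)   # addresses outside every known module
    dispatch_targets: list[tuple[str, str, str]] = field(default_factory=list)  # (driver, IRP, target)

    @property
    def severity(self) -> str:
        if self.rootkit_flagged or self.unknown_hooks:
            return "critical"
        if self.families or self.mbr_hidden:
            return "suspicious"
        return "clean"


def parse_aswmbr(log: str) -> dict[int, DiskFinding]:
    """Group the indicators in an aswMBR log by disk number."""
    findings: dict[int, DiskFinding] = {}
    current = None  # disk whose section (including its trace block) we are reading
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        _ts, _, msg = line.partition(" ")  # drop the HH:MM:SS.mmm prefix
        if m := DISK_RE.match(msg):
            current = int(m.group("disk"))
            findings.setdefault(current, DiskFinding(disk=current))
        if current is None:
            continue
        f = findings[current]
        if m := FOUND_RE.match(msg):
            f.families.add(m.group("family"))
        elif HIDDEN_RE.match(msg):
            f.mbr_hidden = True
        elif m := ROOTKIT_RE.match(msg):
            f.rootkit_flagged = True
            f.families.add(m.group("family"))
        elif m := UNKNOWN_RE.search(msg):
            f.unknown_hooks.append(m.group("addr"))
        elif m := DISPATCH_RE.match(msg):
            f.dispatch_targets.append((m.group("driver"), m.group("irp"), m.group("addr")))
    return findings


def hijacked_dispatches(f: DiskFinding) -> list[tuple[str, str, str]]:
    """Dispatch entries whose target is one of the unattributable addresses: the hook itself."""
    return [d for d in f.dispatch_targets if d[2] in f.unknown_hooks]


def report(log: str) -> list[str]:
    out = []
    for disk, f in sorted(parse_aswmbr(log).items()):
        fam = f" ({', '.join(sorted(f.families))})" if f.families else ""
        out.append(f"disk {disk}: {f.severity}{fam}")
        for drv, irp, addr in hijacked_dispatches(f):
            out.append(f"  {drv} {irp} -> {addr} (outside every known module)")
    return out


if __name__ == "__main__":
    print("\n".join(report(INFECTED_LOG)))
    print("\n".join(report(CLEAN_LOG)))
```

The severity logic deliberately treats an unattributed dispatch target as critical on its own, even without the **ROOTKIT** verdict: a storage driver's IRP handler pointing into memory that belongs to no module is the hook by which a bootkit hides its MBR from the API, which is exactly why the same log can say both "Windows 7 default MBR code found via API" and "MBR hidden".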

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 December 2011 - 03:08 PM

Hello

I want you to rerun aswMBR and run the fix below

aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button.
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

Gringo

#12 CJSites (Topic Starter, Members)

Posted 06 December 2011 - 03:33 PM

Hi Gringo
Ran the fix and it allowed me to reboot but now seems to be stuck in a blank screen except for
"Windows is loading files" with a progress bar beneath it but no progress. Should I be worried?

#13 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 December 2011 - 09:00 PM

Try and restart again and let me know what is going on.



gringo

#14 CJSites (Topic Starter, Members)

Posted 07 December 2011 - 07:36 AM

Only way now is to hard boot and there is a flash of the gateway screen with line that says "Press f2 to enter setup" Then it goes to a black and white screen with the words "Windows is loading files..." and it has what looks like a white progress indicator under that line. Then it seems to hang and there is no activity on the hard drive.

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 December 2011 - 07:44 AM

System Recovery Environment

To access the System Recovery Environment in Windows 7, simply boot your PC,

  • Just before the system loads the Windows operating system, hit the [F8] Function 8 key on your keyboard, which will launch the Advanced Boot Options menu.
  • There you will see a new option 'Repair Your Computer'; select this option and hit 'Enter' on your keyboard.
  • Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next.
  • From the "Choose a Recovery Tool" dialog menu, select "Command Prompt".
  • Type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixmbr

If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment and type the following into the "Command Prompt Window" and press Enter:

    bootrec.exe /fixboot