
BitMiner kwrd.dll initiating Adobe Flash install?


10 replies to this topic

#1 setmenul


Posted 18 December 2011 - 11:49 PM

Hi,
Problem appears to have started 12/7-9 by accepting an Adobe Flash install. Resulted in starting "Win 7 Home Security" with all its ailments. Followed instructions in the removal thread (FixNCR,RKill,tdsskiller,MBAM), successfully stopped all "Win 7" action. Upon next internet usage, Adobe Flash install prompted again, denied and uninstalled all Adobe products and Java (to prep for newest versions but have held off). Restart, open internet browser, search redirects occur and Flash Prompt again, checked process list, noticed it was also appearing with the PING.EXE *32, InstallFlashPlayer.exe, and FP_AX_CAB_INSTALLER.exe *32. Flash prompt initiated every 20-30 minutes. Killing PING causes Flash prompt to reinitiate within 2 minutes. Have quarantined the kwrd.dll 3 times using MBAM. Flash prompt occurs after internet connection is allowed and searches redirect again.
Please advise. Tired of going in circles, not using secure sites and avoiding transactions. Thank you in advance.

Note about DDS report stating Norton and Windows Defender being active:
1. Norton Anti-virus trial came with factory install. Never used so how is it "enabled"? Would like to see all Norton products gone.
2. Says Windows Defender is enabled but checked, states "service has stopped", starting returns a DNE message with Error code 0x80070424. Also Windows Firewall states "not using recommended settings" requesting recommended settings returns "..can't change..", Error code 0x80070424.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jennifer at 19:44:25 on 2011-12-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.5820 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\dllhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Jennifer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WKCALREM.LNK - C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://email.sempra.com/OWA/MWScripts/AttachView/1.5/DAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18954B26-36FB-4173-82E7-30296EC123C8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4DFBDD1E-5F6E-4925-BC9B-9325AC8B4A6F} : DhcpNameServer = 192.168.1.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\krnoo7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Jennifer\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/22 19:35:31];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-2-22 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-5-24 365568]
R2 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-4-14 275832]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-5-25 136616]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-2-22 126392]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AODDriver4.01;AODDriver4.01;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-5-25 55424]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2011-12-19 03:07:50 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-18 23:46:02 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2011-12-18 23:45:35 -------- dc----w- C:\Program Files\SUPERAntiSpyware
2011-12-18 23:45:35 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-12-16 03:09:29 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-16 03:09:28 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-16 03:09:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-16 03:09:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-16 03:08:14 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-16 03:08:14 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-09 20:13:37 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
2011-12-09 20:13:32 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-09 20:13:29 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-09 20:13:29 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-09 19:53:43 -------- d-----we C:\Windows\system64
2011-12-09 18:48:54 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F535D10F-EC74-4BE9-A085-1CCC9A4635EB}\mpengine.dll
2011-12-03 03:15:15 -------- dc----w- C:\Program Files (x86)\Serpent of Isis - Your Journey Continues
2011-12-03 02:56:57 -------- dc----w- C:\Program Files (x86)\Mystery Case Files - 13th Skull
2011-12-03 02:51:38 -------- dc----w- C:\Program Files (x86)\Mystery Case Files - Escape from Ravenhearst Collector's Edition
2011-12-03 02:36:40 -------- dc----w- C:\Program Files (x86)\Haunted Legends - The Bronze Horseman
2011-12-03 02:30:59 -------- dc----w- C:\Program Files (x86)\Treasure Seekers - The Time Has Come
2011-11-27 03:27:59 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
2011-11-26 05:45:38 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\CardBoard Castle
2011-11-26 05:44:44 -------- dc----w- C:\Program Files (x86)\Cardboard Castle
2011-11-19 06:09:15 -------- d-----w- C:\ProgramData\FarmFrenzy_Vikings
2011-11-19 05:02:07 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\PeaceCraft3
2011-11-19 03:55:26 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Flood Light Games
2011-11-19 03:55:26 -------- d-----w- C:\ProgramData\Flood Light Games
.
==================== Find3M ====================
.
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:44:36.65 ===============

Attached Files
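The "Running Processes" and "Created Last 30" sections of the DDS report above are where a responder looks first. The Python triage helper below is an added example written for this page; it is not part of the thread and not code from the DDS tool. It applies two heuristics to a constructed subset of the lines above: a script host (cmd.exe, cscript.exe or wscript.exe) running at the same time as ping.exe, which is the usual shape of a batch or VBS loop that uses ping as a sleep timer, and a directory newly created directly under the Windows directory, with a look-alike flag when its name mimics System32 or SysWOW64. The ping-as-timer reading is an inference from the OP's observation that killing ping.exe brought the prompt back within two minutes, not something the thread confirms, and C:\Windows\system64 is flagged only because no directory of that name exists in a standard Windows 7 install; both are prompts for review, not verdicts.

```python
"""DDS-style log triage (added example; not part of the thread or of the DDS tool).

Heuristics applied to a constructed subset of the report posted above:
  1. a script host (cmd.exe / cscript.exe / wscript.exe) running alongside ping.exe,
     the classic shape of a script loop that uses ping as a sleep timer (an inference
     from the OP's observation, not a fact the thread confirms);
  2. a directory created directly under the Windows directory in the last 30 days,
     marked as a look-alike when its name mimics System32 / SysWOW64.
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# DDS "Created Last 30" lines: date time size attrs path (path may contain spaces)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
LOOKALIKE_RE = re.compile(r"^sys(tem)?(32|64|wow64)$", re.I)
LEGIT_SYSTEM_DIRS = {"system32", "syswow64"}
TIMER_BINARIES = {"ping.exe"}
SCRIPT_HOSTS = {"cmd.exe", "cscript.exe", "wscript.exe"}

# Constructed sample: a subset of the lines from the DDS report in the first post.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
=============== Created Last 30 ================
.
2011-12-19 03:07:50 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-18 23:46:02 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2011-12-09 19:53:43 -------- d-----we C:\Windows\system64
2011-12-09 20:13:29 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 19:44:36.65 ===============
"""


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS report into its '===== Title =====' sections, dropping the '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def _basename(proc_line: str) -> str:
    """Lower-cased image name of a process line, with any command-line arguments stripped."""
    last = proc_line.rsplit("\\", 1)[-1]
    m = re.match(r"(.*?\.exe)", last, re.I)
    return (m.group(1) if m else last).lower()


def find_script_timer_chain(processes: List[str]) -> List[str]:
    """Return the LOLBin names present when a script host and ping.exe run together; else []."""
    hits = {_basename(p) for p in processes} & (TIMER_BINARIES | SCRIPT_HOSTS)
    if hits & TIMER_BINARIES and hits & SCRIPT_HOSTS:
        return sorted(hits)
    return []


def find_new_windows_dirs(created: List[str], windir: str = r"C:\Windows") -> List[dict]:
    """Flag directories (attribute string starting with 'd') created directly under windir."""
    findings = []
    for line in created:
        m = CREATED_RE.match(line)
        if not m:
            continue
        when, _size, attrs, path = m.groups()
        if not attrs.startswith("d"):
            continue
        parent, _, name = path.rpartition("\\")
        if parent.lower() != windir.lower():
            continue
        lookalike = bool(LOOKALIKE_RE.match(name)) and name.lower() not in LEGIT_SYSTEM_DIRS
        findings.append({"path": path, "created": when, "lookalike": lookalike})
    return findings


def triage(dds_text: str) -> dict:
    sections = parse_sections(dds_text)
    return {
        "script_timer_chain": find_script_timer_chain(sections.get("Running Processes", [])),
        "new_windows_dirs": find_new_windows_dirs(sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

On the sample, the helper reports the cmd.exe/cscript.exe/ping.exe trio and the C:\Windows\system64 directory as a look-alike; on a clean report both lists come back empty. Section titles are matched exactly as DDS prints them, so the helper does nothing if a report uses different headings.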





#2 HelpBot


Posted 24 December 2011 - 11:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433301 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Gammo


Posted 27 December 2011 - 02:05 PM

Hi,

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now


Please post the final results, good or bad. We like to know!
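Gammo asks for the TDSSKiller log to be pasted into the reply, and such logs run to hundreds of lines. The following Python helper is an added example (not from the thread, and not part of Kaspersky's TDSSKiller) that parses the log format visible later in this thread: every line is "time pid message", and each driver yields a "name (md5) path" line followed by a "name - status" line. The sample input is constructed from a handful of lines of the log the OP posted, plus one made-up entry (ConstructedDriver, with a placeholder status string) so that the non-ok path is exercised; the wording TDSSKiller actually uses for detections is not assumed. The summary lists entries whose status is anything other than "ok", entries that got a status line but no file line, and drivers whose image lives outside the standard drivers directory (legitimate third-party drivers such as the AMD OverDrive one land there too, so that list is for review rather than a verdict).

```python
"""TDSSKiller log summariser (added example; not from the thread or from the tool itself)."""
import re
from typing import Dict

# "HH:MM:SS.ffff pid message"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "name (md5) path"  -- name may contain spaces, so match non-greedily up to the hash
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# "name - status"
STATUS_RE = re.compile(r"^(.+?) - (.+)$")

# Constructed sample: a few real lines from the log posted later in this thread plus one
# made-up entry (ConstructedDriver) whose status is a placeholder, not real tool output.
SAMPLE_LOG = r"""11:43:54.0641 4284 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:44:00.0023 4312 Mode: Manual; SigCheck; TDLFS;
11:44:00.0413 4312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:44:00.0585 4312 1394ohci - ok
11:44:02.0925 4312 AODDriver4.01 (b6b9f2c57193409c8b692ffaf509d21b) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
11:44:02.0987 4312 AODDriver4.01 - ok
11:44:04.0313 4312 atillk64 - ok
11:44:09.0000 4312 ConstructedDriver (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\constructed.sys
11:44:09.0100 4312 ConstructedDriver - PLACEHOLDER_NON_OK_STATUS
"""


def parse_tdsskiller_log(text: str) -> Dict[str, dict]:
    """Map each driver/service name to its md5, path and status as found in the log."""
    entries: Dict[str, dict] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        # Check the file form first: a path can itself contain " - ".
        fm = FILE_RE.match(msg)
        if fm:
            name, md5, path = fm.groups()
            entries.setdefault(name, {}).update(md5=md5.lower(), path=path)
            continue
        sm = STATUS_RE.match(msg)
        if sm:
            name, status = sm.groups()
            entries.setdefault(name, {})["status"] = status
    return entries


def summarize(entries: Dict[str, dict], drivers_dir: str = r"C:\Windows\system32\drivers") -> dict:
    """Pull out the entries a reviewer would want to look at first."""
    not_ok = sorted(n for n, e in entries.items() if e.get("status", "").lower() != "ok")
    no_file = sorted(n for n, e in entries.items() if "path" not in e)
    outside = sorted(n for n, e in entries.items()
                     if "path" in e and not e["path"].lower().startswith(drivers_dir.lower()))
    return {"checked": len(entries), "not_ok": not_ok,
            "no_file": no_file, "outside_drivers_dir": outside}


if __name__ == "__main__":
    for key, value in summarize(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Paste a full log into SAMPLE_LOG (or read it from a file) and the "checked" count should match the number of drivers the tool reported; the other three lists are what to read closely. Entries with a status line but no file line are included because the log then gives no image path to verify.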


#4 setmenul

  • Topic Starter

Posted 27 December 2011 - 04:22 PM

Brief update since original post: Have avoided using PC this past week, after experiencing some more weird behavior. Some programs had stalled shortly after opening.. all while Adobe Flash kept prompting. Disabled network connection, prompts stopped. Kept PC powered off rest of week except to retrieve files.

Ran TDSSkiller, no cure/reboot. While viewing the log, PC restarted for no reason, no prompt or warning. Reran TDSS afterward for new log (included). Ran ComboFix, as noted before, am unable to "disable" Norton products. Included with factory build, never activated them but ever present. Even tried killing the Norton and Symantec processes but ComboFix said they were still active.

After ComboFix rebooted the system and completed its log file, I am unable to open any files or programs, all return "Illegal operation attempted on a registry key that has been marked for deletion". Can browse files, was able to transfer text files by thumb drive. Will refrain from restarting until instructed to. Combofix Log below.

Adobe Flash did not make an appearance at any time today.

Currently responding from a husband's old Mac, never quits- don't want to hear "I told you so". Please advise. Thank you.


11:43:54.0641 4284 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:43:55.0063 4284 ============================================================
11:43:55.0063 4284 Current date / time: 2011/12/27 11:43:55.0063
11:43:55.0063 4284 SystemInfo:
11:43:55.0063 4284
11:43:55.0063 4284 OS Version: 6.1.7601 ServicePack: 1.0
11:43:55.0063 4284 Product type: Workstation
11:43:55.0063 4284 ComputerName: JENNIFER-PC
11:43:55.0063 4284 UserName: Jennifer
11:43:55.0063 4284 Windows directory: C:\Windows
11:43:55.0063 4284 System windows directory: C:\Windows
11:43:55.0063 4284 Running under WOW64
11:43:55.0063 4284 Processor architecture: Intel x64
11:43:55.0063 4284 Number of processors: 4
11:43:55.0063 4284 Page size: 0x1000
11:43:55.0063 4284 Boot type: Normal boot
11:43:55.0063 4284 ============================================================
11:43:55.0967 4284 Initialize success
11:44:00.0023 4312 ============================================================
11:44:00.0023 4312 Scan started
11:44:00.0023 4312 Mode: Manual; SigCheck; TDLFS;
11:44:00.0023 4312 ============================================================
11:44:00.0413 4312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:44:00.0585 4312 1394ohci - ok
11:44:00.0601 4312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:44:00.0616 4312 ACPI - ok
11:44:00.0647 4312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:44:00.0757 4312 AcpiPmi - ok
11:44:00.0788 4312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:44:00.0850 4312 adp94xx - ok
11:44:00.0881 4312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:44:00.0975 4312 adpahci - ok
11:44:01.0006 4312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:44:01.0069 4312 adpu320 - ok
11:44:01.0147 4312 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:44:01.0271 4312 AFD - ok
11:44:01.0303 4312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:44:01.0365 4312 agp440 - ok
11:44:01.0381 4312 ahcix64s (aa3f73ccbf498bd56800f840d75e40e4) C:\Windows\system32\DRIVERS\ahcix64s.sys
11:44:01.0443 4312 ahcix64s - ok
11:44:01.0459 4312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:44:01.0474 4312 aliide - ok
11:44:01.0599 4312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:44:01.0630 4312 amdide - ok
11:44:01.0693 4312 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:44:01.0739 4312 amdiox64 - ok
11:44:01.0802 4312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:44:01.0942 4312 AmdK8 - ok
11:44:02.0129 4312 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
11:44:02.0441 4312 amdkmdag - ok
11:44:02.0457 4312 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
11:44:02.0504 4312 amdkmdap - ok
11:44:02.0519 4312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:44:02.0597 4312 AmdPPM - ok
11:44:02.0644 4312 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:44:02.0691 4312 amdsata - ok
11:44:02.0722 4312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:44:02.0785 4312 amdsbs - ok
11:44:02.0800 4312 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:44:02.0816 4312 amdxata - ok
11:44:02.0925 4312 AODDriver4.01 (b6b9f2c57193409c8b692ffaf509d21b) C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
11:44:02.0987 4312 AODDriver4.01 - ok
11:44:03.0065 4312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:44:03.0143 4312 AppID - ok
11:44:03.0175 4312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:44:03.0206 4312 arc - ok
11:44:03.0221 4312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:44:03.0253 4312 arcsas - ok
11:44:03.0284 4312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:44:03.0440 4312 AsyncMac - ok
11:44:03.0502 4312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:44:03.0565 4312 atapi - ok
11:44:03.0611 4312 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
11:44:03.0752 4312 athr - ok
11:44:03.0799 4312 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
11:44:03.0845 4312 AtiHdmiService - ok
11:44:04.0079 4312 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
11:44:04.0189 4312 atikmdag - ok
11:44:04.0313 4312 atillk64 - ok
11:44:04.0376 4312 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:44:04.0438 4312 AtiPcie - ok
11:44:04.0485 4312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:44:04.0688 4312 b06bdrv - ok
11:44:04.0719 4312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:44:04.0859 4312 b57nd60a - ok
11:44:04.0906 4312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:44:05.0015 4312 Beep - ok
11:44:05.0015 4312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:44:05.0078 4312 blbdrive - ok
11:44:05.0156 4312 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:44:05.0249 4312 bowser - ok
11:44:05.0281 4312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:44:05.0421 4312 BrFiltLo - ok
11:44:05.0437 4312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:44:05.0499 4312 BrFiltUp - ok
11:44:05.0515 4312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:44:05.0624 4312 Brserid - ok
11:44:05.0639 4312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:44:05.0733 4312 BrSerWdm - ok
11:44:05.0764 4312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:44:05.0795 4312 BrUsbMdm - ok
11:44:05.0811 4312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:44:05.0842 4312 BrUsbSer - ok
11:44:05.0858 4312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:44:05.0936 4312 BTHMODEM - ok
11:44:05.0983 4312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:44:06.0061 4312 cdfs - ok
11:44:06.0123 4312 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:44:06.0170 4312 cdrom - ok
11:44:06.0185 4312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:44:06.0232 4312 circlass - ok
11:44:06.0248 4312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:44:06.0263 4312 CLFS - ok
11:44:06.0326 4312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:44:06.0357 4312 CmBatt - ok
11:44:06.0388 4312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:44:06.0404 4312 cmdide - ok
11:44:06.0451 4312 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:44:06.0513 4312 CNG - ok
11:44:06.0529 4312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:44:06.0560 4312 Compbatt - ok
11:44:06.0591 4312 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:44:06.0653 4312 CompositeBus - ok
11:44:06.0700 4312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:44:06.0763 4312 crcdisk - ok
11:44:06.0794 4312 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:44:06.0887 4312 DfsC - ok
11:44:06.0934 4312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:44:07.0043 4312 discache - ok
11:44:07.0090 4312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:44:07.0106 4312 Disk - ok
11:44:07.0137 4312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:44:07.0168 4312 drmkaud - ok
11:44:07.0215 4312 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:44:07.0277 4312 DXGKrnl - ok
11:44:07.0371 4312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:44:07.0745 4312 ebdrv - ok
11:44:07.0792 4312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:44:07.0855 4312 elxstor - ok
11:44:07.0901 4312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:44:08.0011 4312 ErrDev - ok
11:44:08.0042 4312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:44:08.0089 4312 exfat - ok
11:44:08.0120 4312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:44:08.0182 4312 fastfat - ok
11:44:08.0229 4312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:44:08.0291 4312 fdc - ok
11:44:08.0323 4312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:44:08.0338 4312 FileInfo - ok
11:44:08.0354 4312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:44:08.0416 4312 Filetrace - ok
11:44:08.0432 4312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:44:08.0463 4312 flpydisk - ok
11:44:08.0494 4312 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:44:08.0510 4312 FltMgr - ok
11:44:08.0541 4312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:44:08.0557 4312 FsDepends - ok
11:44:08.0572 4312 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:44:08.0603 4312 Fs_Rec - ok
11:44:08.0635 4312 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:44:08.0666 4312 fvevol - ok
11:44:08.0681 4312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:44:08.0728 4312 gagp30kx - ok
11:44:08.0775 4312 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:44:08.0822 4312 GEARAspiWDM - ok
11:44:08.0837 4312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:44:08.0900 4312 hcw85cir - ok
11:44:08.0947 4312 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:44:09.0040 4312 HDAudBus - ok
11:44:09.0071 4312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:44:09.0134 4312 HidBatt - ok
11:44:09.0181 4312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:44:09.0259 4312 HidBth - ok
11:44:09.0305 4312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:44:09.0383 4312 HidIr - ok
11:44:09.0415 4312 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:44:09.0461 4312 HidUsb - ok
11:44:09.0633 4312 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:44:09.0664 4312 HpSAMD - ok
11:44:09.0727 4312 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:44:09.0820 4312 HTTP - ok
11:44:09.0929 4312 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:44:09.0961 4312 hwpolicy - ok
11:44:10.0007 4312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:44:10.0054 4312 i8042prt - ok
11:44:10.0132 4312 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:44:10.0195 4312 iaStorV - ok
11:44:10.0226 4312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:44:10.0257 4312 iirsp - ok
11:44:10.0397 4312 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
11:44:10.0460 4312 IntcAzAudAddService - ok
11:44:10.0507 4312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:44:10.0553 4312 intelide - ok
11:44:10.0647 4312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:44:10.0741 4312 intelppm - ok
11:44:10.0787 4312 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:44:10.0881 4312 IpFilterDriver - ok
11:44:10.0928 4312 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:44:10.0990 4312 IPMIDRV - ok
11:44:11.0053 4312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:44:11.0146 4312 IPNAT - ok
11:44:11.0177 4312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:44:11.0255 4312 IRENUM - ok
11:44:11.0271 4312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:44:11.0287 4312 isapnp - ok
11:44:11.0349 4312 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:44:11.0474 4312 iScsiPrt - ok
11:44:11.0536 4312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:44:11.0567 4312 kbdclass - ok
11:44:11.0630 4312 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:44:11.0677 4312 kbdhid - ok
11:44:11.0739 4312 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:44:11.0755 4312 KSecDD - ok
11:44:11.0817 4312 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:44:11.0833 4312 KSecPkg - ok
11:44:11.0898 4312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:44:11.0988 4312 ksthunk - ok
11:44:12.0058 4312 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:44:12.0098 4312 LHidFilt - ok
11:44:12.0118 4312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:44:12.0188 4312 lltdio - ok
11:44:12.0208 4312 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:44:12.0248 4312 LMouFilt - ok
11:44:12.0278 4312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:44:12.0318 4312 LSI_FC - ok
11:44:12.0358 4312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:44:12.0421 4312 LSI_SAS - ok
11:44:12.0452 4312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:44:12.0499 4312 LSI_SAS2 - ok
11:44:12.0514 4312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:44:12.0545 4312 LSI_SCSI - ok
11:44:12.0592 4312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:44:12.0686 4312 luafv - ok
11:44:12.0733 4312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:44:12.0779 4312 megasas - ok
11:44:12.0795 4312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:44:12.0873 4312 MegaSR - ok
11:44:12.0889 4312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:44:12.0967 4312 Modem - ok
11:44:12.0998 4312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:44:13.0045 4312 monitor - ok
11:44:13.0107 4312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:44:13.0169 4312 mouclass - ok
11:44:13.0201 4312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:44:13.0294 4312 mouhid - ok
11:44:13.0341 4312 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:44:13.0388 4312 mountmgr - ok
11:44:13.0435 4312 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:44:13.0528 4312 mpio - ok
11:44:13.0544 4312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:44:13.0653 4312 mpsdrv - ok
11:44:13.0700 4312 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:44:13.0825 4312 MRxDAV - ok
11:44:13.0981 4312 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:44:14.0074 4312 mrxsmb - ok
11:44:14.0121 4312 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:44:14.0277 4312 mrxsmb10 - ok
11:44:14.0308 4312 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:44:14.0339 4312 mrxsmb20 - ok
11:44:14.0371 4312 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:44:14.0402 4312 msahci - ok
11:44:14.0449 4312 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:44:14.0495 4312 msdsm - ok
11:44:14.0527 4312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:44:14.0558 4312 Msfs - ok
11:44:14.0573 4312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:44:14.0620 4312 mshidkmdf - ok
11:44:14.0651 4312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:44:14.0667 4312 msisadrv - ok
11:44:14.0698 4312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:44:14.0745 4312 MSKSSRV - ok
11:44:14.0761 4312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:44:14.0839 4312 MSPCLOCK - ok
11:44:14.0839 4312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:44:14.0917 4312 MSPQM - ok
11:44:14.0948 4312 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:44:14.0995 4312 MsRPC - ok
11:44:15.0010 4312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:44:15.0026 4312 mssmbios - ok
11:44:15.0041 4312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:44:15.0088 4312 MSTEE - ok
11:44:15.0119 4312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:44:15.0151 4312 MTConfig - ok
11:44:15.0182 4312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:44:15.0197 4312 Mup - ok
11:44:15.0213 4312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:44:15.0244 4312 NativeWifiP - ok
11:44:15.0338 4312 NAVENG (251bdfbc76acc5590c8975dee780147e) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS
11:44:15.0400 4312 NAVENG - ok
11:44:15.0431 4312 NAVEX15 (d3862ab9e0008d30685494e1035a1ce7) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS
11:44:15.0478 4312 NAVEX15 - ok
11:44:15.0525 4312 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:44:15.0587 4312 NDIS - ok
11:44:15.0619 4312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:44:15.0650 4312 NdisCap - ok
11:44:15.0681 4312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:44:15.0759 4312 NdisTapi - ok
11:44:15.0821 4312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:44:15.0899 4312 Ndisuio - ok
11:44:15.0946 4312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:44:16.0009 4312 NdisWan - ok
11:44:16.0040 4312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:44:16.0118 4312 NDProxy - ok
11:44:16.0149 4312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:44:16.0243 4312 NetBIOS - ok
11:44:16.0289 4312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:44:16.0383 4312 NetBT - ok
11:44:16.0461 4312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:44:16.0508 4312 nfrd960 - ok
11:44:16.0539 4312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:44:16.0586 4312 Npfs - ok
11:44:16.0601 4312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:44:16.0648 4312 nsiproxy - ok
11:44:16.0695 4312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:44:16.0742 4312 Ntfs - ok
11:44:16.0757 4312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:44:16.0867 4312 Null - ok
11:44:16.0898 4312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:44:16.0945 4312 nvraid - ok
11:44:16.0960 4312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:44:16.0991 4312 nvstor - ok
11:44:17.0023 4312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:44:17.0069 4312 nv_agp - ok
11:44:17.0101 4312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:44:17.0132 4312 ohci1394 - ok
11:44:17.0163 4312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:44:17.0194 4312 Parport - ok
11:44:17.0241 4312 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:44:17.0257 4312 partmgr - ok
11:44:17.0272 4312 PcdrNdisuio - ok
11:44:17.0303 4312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:44:17.0319 4312 pci - ok
11:44:17.0335 4312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:44:17.0366 4312 pciide - ok
11:44:17.0397 4312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:44:17.0444 4312 pcmcia - ok
11:44:17.0475 4312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:44:17.0491 4312 pcw - ok
11:44:17.0522 4312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:44:17.0584 4312 PEAUTH - ok
11:44:17.0662 4312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:44:17.0756 4312 PptpMiniport - ok
11:44:17.0771 4312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:44:17.0818 4312 Processor - ok
11:44:17.0865 4312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:44:17.0959 4312 Psched - ok
11:44:18.0021 4312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:44:18.0099 4312 ql2300 - ok
11:44:18.0115 4312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:44:18.0130 4312 ql40xx - ok
11:44:18.0161 4312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:44:18.0208 4312 QWAVEdrv - ok
11:44:18.0239 4312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:44:18.0286 4312 RasAcd - ok
11:44:18.0317 4312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:44:18.0380 4312 RasAgileVpn - ok
11:44:18.0427 4312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:44:18.0505 4312 Rasl2tp - ok
11:44:18.0520 4312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:44:18.0567 4312 RasPppoe - ok
11:44:18.0598 4312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:44:18.0645 4312 RasSstp - ok
11:44:18.0676 4312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:44:18.0723 4312 rdbss - ok
11:44:18.0770 4312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:44:18.0801 4312 rdpbus - ok
11:44:18.0817 4312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:44:18.0848 4312 RDPCDD - ok
11:44:18.0863 4312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:44:18.0926 4312 RDPENCDD - ok
11:44:18.0941 4312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:44:18.0973 4312 RDPREFMP - ok
11:44:19.0019 4312 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:44:19.0051 4312 RDPWD - ok
11:44:19.0113 4312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:44:19.0129 4312 rdyboost - ok
11:44:19.0175 4312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:44:19.0207 4312 rspndr - ok
11:44:19.0238 4312 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:44:19.0316 4312 RTL8167 - ok
11:44:19.0409 4312 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:44:19.0441 4312 SASDIFSV - ok
11:44:19.0472 4312 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:44:19.0487 4312 SASKUTIL - ok
11:44:19.0519 4312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:44:19.0581 4312 sbp2port - ok
11:44:19.0612 4312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:44:19.0659 4312 scfilter - ok
11:44:19.0675 4312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:44:19.0753 4312 secdrv - ok
11:44:19.0815 4312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:44:19.0877 4312 Serenum - ok
11:44:19.0924 4312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:44:19.0987 4312 Serial - ok
11:44:20.0033 4312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:44:20.0096 4312 sermouse - ok
11:44:20.0143 4312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:44:20.0205 4312 sffdisk - ok
11:44:20.0221 4312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:44:20.0236 4312 sffp_mmc - ok
11:44:20.0252 4312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:44:20.0299 4312 sffp_sd - ok
11:44:20.0330 4312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:44:20.0408 4312 sfloppy - ok
11:44:20.0470 4312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:44:20.0533 4312 SiSRaid2 - ok
11:44:20.0564 4312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:44:20.0595 4312 SiSRaid4 - ok
11:44:20.0751 4312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:44:20.0829 4312 Smb - ok
11:44:21.0032 4312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:44:21.0079 4312 spldr - ok
11:44:21.0125 4312 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
11:44:21.0188 4312 SRTSP - ok
11:44:21.0235 4312 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
11:44:21.0281 4312 SRTSPX - ok
11:44:21.0328 4312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:44:21.0406 4312 srv - ok
11:44:21.0422 4312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:44:21.0469 4312 srv2 - ok
11:44:21.0500 4312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:44:21.0547 4312 srvnet - ok
11:44:21.0593 4312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:44:21.0625 4312 stexstor - ok
11:44:21.0671 4312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:44:21.0687 4312 swenum - ok
11:44:21.0749 4312 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:44:21.0812 4312 Tcpip - ok
11:44:21.0859 4312 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:44:21.0890 4312 TCPIP6 - ok
11:44:21.0937 4312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:44:22.0015 4312 tcpipreg - ok
11:44:22.0030 4312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:44:22.0093 4312 TDPIPE - ok
11:44:22.0108 4312 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:44:22.0139 4312 TDTCP - ok
11:44:22.0186 4312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:44:22.0217 4312 tdx - ok
11:44:22.0249 4312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:44:22.0280 4312 TermDD - ok
11:44:22.0327 4312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:44:22.0389 4312 tssecsrv - ok
11:44:22.0436 4312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:44:22.0514 4312 TsUsbFlt - ok
11:44:22.0576 4312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:44:22.0670 4312 tunnel - ok
11:44:22.0717 4312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:44:22.0779 4312 uagp35 - ok
11:44:22.0810 4312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:44:22.0857 4312 udfs - ok
11:44:22.0919 4312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:44:22.0982 4312 uliagpkx - ok
11:44:23.0029 4312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:44:23.0044 4312 umbus - ok
11:44:23.0060 4312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:44:23.0091 4312 UmPass - ok
11:44:23.0138 4312 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
11:44:23.0216 4312 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:44:23.0216 4312 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:44:23.0247 4312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:44:23.0294 4312 usbccgp - ok
11:44:23.0325 4312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:44:23.0450 4312 usbcir - ok
11:44:23.0481 4312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:44:23.0543 4312 usbehci - ok
11:44:23.0590 4312 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
11:44:23.0606 4312 usbfilter - ok
11:44:23.0637 4312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:44:23.0699 4312 usbhub - ok
11:44:23.0731 4312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:44:23.0777 4312 usbohci - ok
11:44:23.0809 4312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:44:23.0871 4312 usbprint - ok
11:44:23.0887 4312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:44:23.0933 4312 USBSTOR - ok
11:44:23.0965 4312 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:44:24.0058 4312 usbuhci - ok
11:44:24.0089 4312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:44:24.0199 4312 vdrvroot - ok
11:44:24.0230 4312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:44:24.0292 4312 vga - ok
11:44:24.0308 4312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:44:24.0370 4312 VgaSave - ok
11:44:24.0401 4312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:44:24.0495 4312 vhdmp - ok
11:44:24.0511 4312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:44:24.0542 4312 viaide - ok
11:44:24.0557 4312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:44:24.0589 4312 volmgr - ok
11:44:24.0635 4312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:44:24.0682 4312 volmgrx - ok
11:44:24.0698 4312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:44:24.0776 4312 volsnap - ok
11:44:24.0963 4312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:44:25.0119 4312 vsmraid - ok
11:44:25.0353 4312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:44:25.0478 4312 vwifibus - ok
11:44:25.0603 4312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:44:25.0743 4312 vwififlt - ok
11:44:25.0915 4312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:44:25.0961 4312 WacomPen - ok
11:44:26.0039 4312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:26.0117 4312 WANARP - ok
11:44:26.0133 4312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:26.0180 4312 Wanarpv6 - ok
11:44:26.0289 4312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:44:26.0336 4312 Wd - ok
11:44:26.0383 4312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:44:26.0429 4312 Wdf01000 - ok
11:44:26.0461 4312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:44:26.0507 4312 WfpLwf - ok
11:44:26.0523 4312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:44:26.0570 4312 WIMMount - ok
11:44:26.0648 4312 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:44:26.0695 4312 WinUsb - ok
11:44:26.0710 4312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:44:26.0757 4312 WmiAcpi - ok
11:44:26.0788 4312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:44:26.0882 4312 ws2ifsl - ok
11:44:26.0960 4312 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:44:27.0053 4312 WSDPrintDevice - ok
11:44:27.0147 4312 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
11:44:27.0241 4312 WSDScan - ok
11:44:27.0287 4312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:44:27.0397 4312 WudfPf - ok
11:44:27.0443 4312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:44:27.0553 4312 WUDFRd - ok
11:44:27.0646 4312 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
11:44:27.0693 4312 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
11:44:27.0709 4312 MBR (0x1B8) (ae8af1e1ac87bf140e4b6bdba6844ff0) \Device\Harddisk0\DR0
11:44:28.0083 4312 \Device\Harddisk0\DR0 - ok
11:44:28.0083 4312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:44:28.0738 4312 \Device\Harddisk1\DR1 - ok
11:44:28.0754 4312 Boot (0x1200) (d0b5f510da56f06b5f1a76de6465abb7) \Device\Harddisk0\DR0\Partition0
11:44:28.0754 4312 \Device\Harddisk0\DR0\Partition0 - ok
11:44:28.0785 4312 Boot (0x1200) (aaa009ac53305bc813f31951eb88a694) \Device\Harddisk0\DR0\Partition1
11:44:28.0801 4312 \Device\Harddisk0\DR0\Partition1 - ok
11:44:28.0832 4312 Boot (0x1200) (79a730d00779eb36e858b58eaca2df57) \Device\Harddisk0\DR0\Partition2
11:44:28.0863 4312 \Device\Harddisk0\DR0\Partition2 - ok
11:44:28.0879 4312 Boot (0x1200) (059cf8352a9318516fdae53707be3dfc) \Device\Harddisk1\DR1\Partition0
11:44:28.0879 4312 \Device\Harddisk1\DR1\Partition0 - ok
11:44:28.0879 4312 ============================================================
11:44:28.0879 4312 Scan finished
11:44:28.0879 4312 ============================================================
11:44:28.0894 4216 Detected object count: 1
11:44:28.0894 4216 Actual detected object count: 1
11:44:31.0125 4216 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:31.0125 4216 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:44:33.0871 3788 Deinitialize success


-----


ComboFix 11-12-27.01 - Jennifer 12/27/2011 11:52:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6689 [GMT -8:00]
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Jennifer\AppData\Roaming\.#
c:\users\Jennifer\Favorites\Games.url
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_34260e74-e340-4f4f-8008-06ced19c5a10\HP.ActiveCheckLocalMode.Ccl.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_34260e74-e340-4f4f-8008-06ced19c5a10\HP.ActiveCheckLocalMode.SharedObjects.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_34260e74-e340-4f4f-8008-06ced19c5a10\HP.ActiveCheckLocalMode.UpdateEngine.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))
.
.
2011-12-27 20:14 . 2011-12-27 20:14 -------- d-----w- c:\users\Mcx1-JENNIFER-PC\AppData\Local\temp
2011-12-27 20:14 . 2011-12-27 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 23:46 . 2011-12-18 23:46 -------- d-----w- c:\users\Jennifer\AppData\Roaming\SUPERAntiSpyware.com
2011-12-18 23:45 . 2011-12-18 23:46 -------- dc----w- c:\program files\SUPERAntiSpyware
2011-12-18 23:45 . 2011-12-18 23:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-12-16 03:09 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 03:09 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-16 03:09 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-16 03:09 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-16 03:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-16 03:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-11 22:18 . 2011-12-11 22:18 -------- d-----w- c:\windows\system32\Macromed
2011-12-09 20:13 . 2011-12-09 20:13 -------- d-----w- c:\users\Jennifer\AppData\Roaming\Malwarebytes
2011-12-09 20:13 . 2011-12-09 20:13 -------- d-----w- c:\programdata\Malwarebytes
2011-12-09 20:13 . 2011-12-09 20:13 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-09 20:13 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 18:48 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F535D10F-EC74-4BE9-A085-1CCC9A4635EB}\mpengine.dll
2011-12-03 03:15 . 2011-12-03 03:16 -------- dc----w- c:\program files (x86)\Serpent of Isis - Your Journey Continues
2011-12-03 02:56 . 2011-12-03 02:57 -------- dc----w- c:\program files (x86)\Mystery Case Files - 13th Skull
2011-12-03 02:36 . 2011-12-03 02:37 -------- dc----w- c:\program files (x86)\Haunted Legends - The Bronze Horseman
2011-12-03 02:30 . 2011-12-03 02:31 -------- dc----w- c:\program files (x86)\Treasure Seekers - The Time Has Come
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:29 . 2011-11-09 22:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
.
c:\users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files (x86)\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/22 19:35];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-18 01:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files (x86)\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-25 365568]
S2 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
S2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-26 136616]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AODDriver4.01;AODDriver4.01;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-05-26 55424]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\HPCeeScheduleForJennifer.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2011-12-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"combofix"="c:\combofix\CF26276.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://email.sempra.com/OWA/MWScripts/AttachView/1.5/DAX.cab
FF - ProfilePath - c:\users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\krnoo7u7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2011-12-27 12:21:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-27 20:21
.
Pre-Run: 871,158,829,056 bytes free
Post-Run: 871,651,618,816 bytes free
.
- - End Of File - - E2064091C387E62BD227DC3CF5E7FCB6

#5 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:28 PM

Posted 27 December 2011 - 04:36 PM

After ComboFix rebooted the system and completed its log file, I am unable to open any files or programs, all return "Illegal operation attempted on a registry key that has been marked for deletion". Can browse files, was able to transfer text files by thumb drive. Will refrain from restarting until instructed to.

Please restart your computer. That should fix the problem.



After restarting:

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Please post the final results, good or bad. We like to know!


#6 setmenul

setmenul
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 27 December 2011 - 05:03 PM

TFC and MBAM completed, log below. Windows Defender and Firewall are still giving the error noted in the first post. Is this repairable?



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122704

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/27/2011 1:51:04 PM
mbam-log-2011-12-27 (13-51-04).txt

Scan type: Quick scan
Objects scanned: 190565
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:28 PM

Posted 27 December 2011 - 05:24 PM

Windows Defender and Firewall are still giving the error noted in the first post. Is this repairable?

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now, open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it, then Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now, open RUN and type

services.msc and click ok

Start the Base Filtering Engine service and then the Windows Firewall service


Please post the final results, good or bad. We like to know!


#8 setmenul

setmenul
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 27 December 2011 - 07:12 PM

Firewall is now running :)

Defender still disabled and returns the original error code with "the specified service does not exist as a specified service". Last time it ran was 12/7, before this all started. Searched Microsoft site, no way to reinstall it. I know the definition file was updated today, but not surprised Windows Update is not picking it up - confirms it is inactive. Would another reg file fix?

BTW - Thanks again for all your help.

#9 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:28 PM

Posted 27 December 2011 - 07:24 PM

I can probably create a reg fix to fix the Windows Defender issue too, but I need some more info before I can do that.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :service
    BFE
    MpsSvc
    iphlpsvc
    wscsvc
    WinDefend
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by Gammo, 27 December 2011 - 07:25 PM.


Please post the final results, good or bad. We like to know!
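As an added example (not from the thread and not SystemLook's code), a read-only PowerShell check that covers what post #7 repairs by hand and what SystemLook is asked to report in post #9: for each of the five service names it verifies that the service's registry key exists, lists any Deny entries and flags a missing Allow entry for SYSTEM in the key's ACL, and reports the service state and its Start value. It assumes an elevated PowerShell 3 or later on Windows 7 or newer; the service names are the ones from the thread.

```powershell
# Added diagnostic (not part of the thread): audit the service keys the thread repairs.
# Run from an elevated PowerShell prompt; it only reads, it changes nothing.
$services = 'BFE', 'MpsSvc', 'iphlpsvc', 'wscsvc', 'WinDefend'

foreach ($name in $services) {
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    Write-Host "== $name =="

    if (-not (Test-Path $keyPath)) {
        # The "specified service does not exist" symptom: the key itself is gone,
        # so only a registry import (as in post #7 / #11) can bring the service back.
        Write-Host "  registry key missing: $keyPath"
        continue
    }

    try {
        $acl = Get-Acl -Path $keyPath
    } catch {
        # A key that exists but cannot be read is the usual cause of
        # SystemLook's "Unable to open Service Handle".
        Write-Host "  cannot read ACL: $($_.Exception.Message)"
        continue
    }

    # Deny entries on a service key block the service control manager even for SYSTEM.
    $deny = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    foreach ($ace in $deny) {
        Write-Host "  DENY entry for $($ace.IdentityReference): $($ace.RegistryRights)"
    }

    # The service control manager runs as SYSTEM; without an Allow entry for it
    # the service cannot be opened or started.
    $systemAllow = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -and
        $_.AccessControlType -eq 'Allow'
    }
    if (-not $systemAllow) {
        Write-Host "  no Allow entry for SYSTEM; the key's permissions need repair"
    }

    # Service state as the service control manager sees it.
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        Write-Host "  status: $($svc.Status)"
    } else {
        Write-Host "  Get-Service cannot open the service handle"
    }

    # Start value from the key: 2 = Automatic, 3 = Manual, 4 = Disabled.
    $start = (Get-ItemProperty -Path $keyPath -Name Start -ErrorAction SilentlyContinue).Start
    Write-Host "  Start value: $start (2 = Automatic, 3 = Manual, 4 = Disabled)"
}
```

After applying the thread's fix, which grants Everyone Full Control on the BFE key, this check will list that Allow entry as well; the default ACL on service keys is narrower, so the entry can be tightened again once the service is confirmed to start.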


#10 setmenul

setmenul
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:28 AM

Posted 27 December 2011 - 07:55 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:52 on 27/12/2011 by Jennifer
Administrator - Elevation successful

========== service ==========

BFE
Base Filtering Engine
"The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Group: NetworkProvider
SafeBoot: Network Network(Group)
Dependencies:
->RpcSs
Dependant Services:
->Internet Connection Sharing (ICS) (SharedAccess) (Stopped)
->Routing and Remote Access (RemoteAccess) (Stopped)
->IPsec Policy Agent (PolicyAgent) (Started)
->Windows Firewall (MpsSvc) (Started)
->IKE and AuthIP IPsec Keying Modules (IKEEXT) (Started)

MpsSvc
Windows Firewall
"Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network."
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Group: NetworkProvider
SafeBoot: Network Network(Group)
Dependencies:
->mpsdrv
->bfe
Dependant Services:
(none)

iphlpsvc - Unable to open Service Handle.

wscsvc
wscsvc
(No Description)
Current Status: Started
Startup Type: Automatic
Error Control: Severe
Binary: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
->winmgmt
Dependant Services:
(none)

WinDefend - Unable to open Service Handle.

-= EOF =-

#11 Gammo

Gammo

  • Members
  • 202 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:03:28 PM

Posted 28 December 2011 - 07:42 AM

Please download the attached file (fix.reg). Then double-click it in order to merge it with the registry. After doing that, please restart your PC.

Does that fix Windows Defender?

Attached Files

  • Attached File  fix.reg   13.96KB   3 downloads


Please post the final results, good or bad. We like to know!
