Google Redirect


  • This topic is locked
26 replies to this topic

#1 irishgurl4

irishgurl4

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:00 PM

Posted 26 December 2011 - 06:39 PM

Something has decided to cling to my computer and causes Google to redirect whenever I search. The most recent was a redirect to Scottrade. I've run scans but nothing seems to fix it. Any help to fix this is greatly appreciated. Thanks.

Here is the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Christine at 15:12:45 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1810 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\DllHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224185216.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0F873092-1E0A-4485-A436-B7341A64FA99} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3477C868-D162-421C-A0FF-9946049740EB} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111224185216.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\n600xqt6.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\n600xqt6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\windows\system32\drivers\McPvDrv.sys --> C:\windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-19 89600]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-19 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-18 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-18 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-18 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-18 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-18 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-18 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-19 1692480]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-19 2533400]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 366152]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-13 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-26 20:44:56 -------- d-----w- C:\ComboFix
2011-12-25 02:52:16 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2011-12-24 23:02:28 98816 ----a-w- C:\windows\sed.exe
2011-12-24 23:02:28 518144 ----a-w- C:\windows\SWREG.exe
2011-12-24 23:02:28 256000 ----a-w- C:\windows\PEV.exe
2011-12-24 23:02:28 208896 ----a-w- C:\windows\MBR.exe
2011-12-24 22:05:25 -------- d-----w- C:\Users\Christine\AppData\Roaming\QuickScan
2011-12-24 22:01:00 -------- d-----w- C:\Users\Christine\AppData\Roaming\Malwarebytes
2011-12-24 22:00:44 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-24 22:00:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-24 21:54:42 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-12-23 18:47:13 -------- d-----w- C:\Users\Christine\AppData\Local\Mozilla
2011-12-22 23:29:45 -------- d-----w- C:\windows\SysWow64\Wat
2011-12-22 23:29:45 -------- d-----w- C:\windows\System32\Wat
2011-12-22 21:30:50 -------- d-----w- C:\ProgramData\McAfee Anti-Theft
2011-12-22 21:19:38 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-12-22 21:19:38 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-12-22 21:19:37 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-12-22 21:19:37 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-12-22 21:19:36 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-22 21:19:36 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-22 21:19:21 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-22 21:19:21 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-20 14:20:04 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-12-19 22:33:23 38912 ----a-w- C:\windows\System32\Spool\prtprocs\x64\EP0NPP01.DLL
2011-12-19 20:05:52 -------- d--h--w- C:\Users\Christine\AppData\Local\Adobe
2011-12-19 04:27:30 -------- d-----w- C:\Users\Christine\AppData\Roaming\Macrovision
2011-12-19 01:00:45 -------- d--h--w- C:\Users\Christine\AppData\Roaming\Roxio Burn
2011-12-19 00:03:39 -------- d-----w- C:\Program Files\Dell Support Center
2011-12-19 00:00:53 -------- d-----w- C:\Users\Christine\AppData\Roaming\PCDr
2011-12-19 00:00:05 -------- d-----w- C:\ProgramData\PCDr
2011-12-18 23:53:47 71800 ----a-w- C:\windows\System32\drivers\McPvDrv.sys
2011-12-18 23:53:47 -------- d--h--w- C:\Users\Christine\AppData\Local\McAfee Anti-Theft
2011-12-18 23:53:17 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-12-18 23:53:08 10248 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2011-12-18 23:52:57 284648 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2011-12-18 23:52:56 75808 ----a-w- C:\windows\System32\drivers\mfenlfk.sys
2011-12-18 23:52:56 65264 ----a-w- C:\windows\System32\drivers\cfwids.sys
2011-12-18 23:52:56 481768 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2011-12-18 23:52:56 229528 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2011-12-18 23:52:56 100912 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2011-12-18 23:52:52 -------- d-----w- C:\Program Files\McAfee.com
2011-12-18 23:52:52 -------- d-----w- C:\Program Files\McAfee
2011-12-18 23:52:52 -------- d-----w- C:\Program Files\Common Files\McAfee
2011-12-18 23:52:50 -------- d-----w- C:\Program Files (x86)\McAfee
2011-12-18 23:45:34 161168 ----a-w- C:\windows\System32\mfevtps.exe
2011-12-18 23:38:06 -------- d-----w- C:\Program Files (x86)\Dell Touch Software Suite
2011-12-18 23:38:06 -------- d-----w- C:\FIND_EULA_PATH
2011-12-18 23:36:49 -------- d-----w- C:\Users\Christine\AppData\Local\Dell
2011-12-18 23:36:13 -------- d--h--w- C:\Users\Christine\AppData\Roaming\Fingertapps
2011-12-18 23:36:13 -------- d--h--w- C:\Users\Christine\AppData\Roaming\Dell
2011-12-18 23:36:08 -------- d--h--w- C:\Users\Christine\AppData\Roaming\Dell Touch Zone
2011-12-18 23:36:00 -------- d--h--w- C:\Users\Christine\AppData\Roaming\Intel Corporation
2011-12-18 23:35:34 -------- d--h--w- C:\Users\Christine\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-10-20 01:35:57 95544 ----a-w- C:\windows\System32\bcmwlcoi.dll
2011-10-20 01:35:57 6656 ----a-w- C:\windows\System32\bcmwlrc.dll
2011-10-20 01:35:57 4719168 ----a-w- C:\windows\System32\drivers\BCMWL664.SYS
2011-10-20 01:35:57 3900416 ----a-w- C:\windows\System32\bcmihvsrv64.dll
2011-10-20 01:35:57 3566080 ----a-w- C:\windows\System32\bcmihvui64.dll
2011-10-20 01:24:15 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-10-20 01:24:06 525544 ----a-w- C:\windows\System32\deployJava1.dll
2011-10-15 21:16:16 647080 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2011-10-15 21:16:16 160280 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2011-09-29 16:29:28 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 15:28:26.52 ===============
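The DDS log above is long, but only a few of its "Pseudo HJT Report" lines bear on a redirected search: URL search hooks (which sit in front of every address-bar search), browser add-ons and autoruns that load from user-writable locations, the DNS resolvers each interface was handed, and the start page. The script below is an added example, not part of the original post and not code from DDS or ComboFix; it parses those line types and returns review items. The sample lines are excerpted from the log posted above; the set of expected resolvers and the expected start page are assumptions the machine's owner has to supply (router address, ISP resolvers, chosen home page), and a review item means "confirm this", not "this is malicious".

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for search-redirect suspects.

Added example, not part of the original post and not code from DDS or ComboFix.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: lines excerpted from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0F873092-1E0A-4485-A436-B7341A64FA99} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3477C868-D162-421C-A0FF-9946049740EB} : DhcpNameServer = 192.168.1.1
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\n600xqt6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
"""

# Line shapes DDS uses in the Pseudo HJT Report section.
ADDON_RE = re.compile(r"^(?P<kind>[um]?URLSearchHooks|BHO|TB)(?:-X64)?: (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<kind>[um]Run)(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{(?P<iface>[0-9A-Fa-f-]+)\} : )?DhcpNameServer = (?P<servers>.+)$")
FF_PLUGIN_RE = re.compile(r"^FF - plugin: (?P<path>.+)$")
START_RE = re.compile(r"^[um]Start Page = (?P<url>.+)$")
# First executable-looking path in an autorun command (quotes and arguments dropped).
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr))', re.IGNORECASE)
# Anything under a user profile or a Temp directory is writable without admin rights.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+|Temp)\\", re.IGNORECASE)


@dataclass
class HjtReport:
    search_hooks: List[Tuple[str, str]] = field(default_factory=list)   # (name, dll)
    addons: List[Tuple[str, str, str]] = field(default_factory=list)    # (kind, name, dll)
    autoruns: List[Tuple[str, str]] = field(default_factory=list)       # (name, exe)
    ff_plugins: List[str] = field(default_factory=list)
    dns: Dict[str, List[str]] = field(default_factory=dict)             # iface -> resolvers
    start_page: Optional[str] = None


def defang(url: str) -> str:
    """DDS writes hxxp/hxxps so URLs are not clickable; undo that for comparison."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_hjt(text: str) -> HjtReport:
    """Collect the redirect-relevant entries from a DDS Pseudo HJT Report."""
    rep = HjtReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ADDON_RE.match(line):
            if "URLSearchHooks" in m["kind"]:
                rep.search_hooks.append((m["name"], m["path"]))
            else:
                rep.addons.append((m["kind"], m["name"], m["path"]))
        elif m := RUN_RE.match(line):
            exe = EXE_RE.match(m["cmd"])
            rep.autoruns.append((m["name"], exe["path"] if exe else m["cmd"]))
        elif m := DNS_RE.match(line):
            rep.dns[m["iface"] or "global"] = m["servers"].split()
        elif m := FF_PLUGIN_RE.match(line):
            rep.ff_plugins.append(m["path"])
        elif m := START_RE.match(line):
            rep.start_page = defang(m["url"])
    return rep


def triage(rep: HjtReport, expected_dns: Set[str], expected_start_pages: Set[str]) -> List[str]:
    """Return review items. expected_dns and expected_start_pages are the owner's
    knowledge (router, ISP resolvers, chosen home page); the log cannot supply them."""
    items: List[str] = []
    # 1. Every URLSearchHook: it intercepts address-bar searches, so it is the
    #    first thing to confirm when typed searches land somewhere unexpected.
    for name, dll in rep.search_hooks:
        items.append(f"search hook '{name}' -> {dll}")
    # 2. Add-ons, autoruns and plugins loading from user-writable paths.
    for kind, name, dll in rep.addons:
        if USER_WRITABLE_RE.search(dll):
            items.append(f"{kind} '{name}' loads from user-writable path {dll}")
    for name, exe in rep.autoruns:
        if USER_WRITABLE_RE.search(exe):
            items.append(f"autorun '{name}' runs from user-writable path {exe}")
    for dll in rep.ff_plugins:
        if USER_WRITABLE_RE.search(dll):
            items.append(f"Firefox plugin loads from user-writable path {dll}")
    # 3. Resolvers the owner does not recognise: a changed DNS server redirects
    #    every browser on the machine, not just one.
    for iface, servers in rep.dns.items():
        unknown = [s for s in servers if s not in expected_dns]
        if unknown:
            items.append(f"DNS on {iface}: unexpected resolver(s) {' '.join(unknown)}")
    # 4. A start page the owner did not choose.
    if rep.start_page and rep.start_page not in expected_start_pages:
        items.append(f"start page {rep.start_page}")
    return items


if __name__ == "__main__":
    report = parse_hjt(SAMPLE_LOG)
    # Assumed owner-supplied expectations: only the router at 192.168.1.1 and Yahoo as home page.
    for item in triage(report, {"192.168.1.1"}, {"http://www.yahoo.com/"}):
        print("REVIEW:", item)
```

Run against a full DDS log, the script lists the Ask search hook, the Firefox plugin living under the user profile, and the two interfaces whose resolvers are not in the expected set; if the 209.18.47.x addresses are the ISP's resolvers, add them to the expected set and those items disappear. Everything else in the log (drivers, services, Find3M file list) is left to the helper's judgement, which is what the thread's cleaning steps are for.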


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 05:08 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:09:00 PM

Posted 28 December 2011 - 06:23 PM

Hi Gringo! Thanks for helping me with this. Below is the ComboFix log. The redirect is still occurring. Other than that, things seem OK.

ComboFix 11-12-27.01 - Christine 12/28/2011 14:22:44.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2844 [GMT -8:00]
Running from: c:\users\Christine\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))
.
.
2011-12-28 22:50 . 2011-12-28 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-24 22:00 . 2011-12-24 22:00 -------- d-----w- c:\programdata\Malwarebytes
2011-12-24 22:00 . 2011-12-24 22:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-24 21:54 . 2011-12-24 21:55 -------- d-----w- c:\program files (x86)\Ask.com
2011-12-22 23:29 . 2011-12-22 23:29 -------- d-----w- c:\windows\SysWow64\Wat
2011-12-22 23:29 . 2011-12-22 23:29 -------- d-----w- c:\windows\system32\Wat
2011-12-22 21:30 . 2011-12-22 21:31 -------- d-----w- c:\programdata\McAfee Anti-Theft
2011-12-22 21:19 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-12-22 21:19 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-12-22 21:19 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-12-22 21:19 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-12-22 21:19 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-22 21:19 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-22 21:19 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-22 21:19 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-20 14:20 . 2011-12-20 14:20 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-12-19 22:33 . 2009-07-14 01:40 38912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EP0NPP01.DLL
2011-12-19 00:03 . 2011-12-19 00:03 -------- d-----w- c:\program files\Dell Support Center
2011-12-19 00:00 . 2011-12-22 21:03 -------- d-----w- c:\programdata\PCDr
2011-12-18 23:53 . 2011-04-11 22:29 71800 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2011-12-18 23:53 . 2011-10-15 21:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-18 23:52 . 2011-10-15 21:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-18 23:52 . 2011-10-15 21:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-18 23:52 . 2011-10-15 21:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-18 23:52 . 2011-10-15 21:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-18 23:52 . 2011-10-15 21:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-18 23:52 . 2011-10-15 21:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-18 23:52 . 2011-12-18 23:53 -------- d-----w- c:\program files\McAfee
2011-12-18 23:52 . 2011-12-18 23:53 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-18 23:52 . 2011-12-28 10:59 -------- d-----w- c:\program files (x86)\McAfee
2011-12-18 23:45 . 2011-10-18 22:32 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-18 23:38 . 2011-12-22 21:07 -------- d-----w- C:\FIND_EULA_PATH
2011-12-18 23:38 . 2011-12-18 23:38 -------- d-----w- c:\program files (x86)\Dell Touch Software Suite
2011-12-18 23:33 . 2011-12-20 19:32 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2011-12-18 23:32 . 2011-12-22 21:09 -------- d-----w- c:\users\Christine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-18 23:33 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-20 01:35 . 2011-10-20 01:36 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-10-20 01:35 . 2011-10-20 01:36 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-10-20 01:35 . 2011-10-20 01:36 4719168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-10-20 01:35 . 2011-10-20 01:36 3900416 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-10-20 01:35 . 2011-10-20 01:36 3566080 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-10-20 01:29 . 2011-10-20 01:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-20 01:29 . 2011-10-20 01:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-20 01:29 . 2011-10-20 01:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-20 01:29 . 2011-10-20 01:29 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-20 01:29 . 2011-10-20 01:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-20 01:29 . 2011-10-20 01:29 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-20 01:29 . 2011-10-20 01:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-20 01:29 . 2011-10-20 01:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-20 01:29 . 2011-10-20 01:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-20 01:29 . 2011-10-20 01:29 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-20 01:29 . 2011-10-20 01:29 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-20 01:29 . 2011-10-20 01:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-20 01:29 . 2011-10-20 01:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-20 01:29 . 2011-10-20 01:29 448512 ----a-w- c:\windows\system32\html.iec
2011-10-20 01:29 . 2011-10-20 01:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-20 01:29 . 2011-10-20 01:29 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-20 01:29 . 2011-10-20 01:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-20 01:29 . 2011-10-20 01:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-20 01:29 . 2011-10-20 01:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-20 01:29 . 2011-10-20 01:29 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-20 01:29 . 2011-10-20 01:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-20 01:29 . 2011-10-20 01:29 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-20 01:29 . 2011-10-20 01:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-20 01:29 . 2011-10-20 01:29 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-20 01:29 . 2011-10-20 01:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-20 01:29 . 2011-10-20 01:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-20 01:29 . 2011-10-20 01:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-20 01:29 . 2011-10-20 01:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-20 01:29 . 2011-10-20 01:29 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-20 01:29 . 2011-10-20 01:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-20 01:29 . 2011-10-20 01:29 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-20 01:29 . 2011-10-20 01:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-20 01:29 . 2011-10-20 01:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-20 01:29 . 2011-10-20 01:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-20 01:24 . 2011-10-20 01:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-20 01:24 . 2011-10-20 01:24 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-15 21:16 . 2011-03-13 19:20 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 21:16 . 2011-03-13 19:20 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-24_23.40.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-12-28 21:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-24 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-24 23:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-28 21:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-24 23:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-28 21:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2011-12-28 21:58 36902 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-28 21:58 36826 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-18 23:34 . 2011-12-24 22:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-18 23:34 . 2011-12-28 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-18 23:34 . 2011-12-28 21:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-18 23:34 . 2011-12-24 22:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-28 21:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-24 22:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-12-26 06:04 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-18 23:46 . 2011-12-28 21:58 4998 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-686055213-3356831943-3787669092-1001_UserData.bin
+ 2011-12-28 21:56 . 2011-12-28 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-24 22:58 . 2011-12-24 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-28 21:56 . 2011-12-28 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-24 22:58 . 2011-12-24 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-19 04:27 . 2011-12-28 14:27 208180 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-12-24 23:05 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-28 14:30 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-28 14:30 121214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-24 23:05 121214 c:\windows\system32\perfc009.dat
- 2011-12-19 17:40 . 2011-12-22 23:44 368760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-19 17:40 . 2011-12-28 20:12 368760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-12-28 21:55 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-24 22:57 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-18 23:43 . 2011-12-28 21:55 8312636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-686055213-3356831943-3787669092-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 02:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0084941325070030mcinstcleanup;McAfee Application Installer Cleanup (0084941325070030);c:\windows\TEMP\008494~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-28 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\n600xqt6.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-28 15:08:53
ComboFix-quarantined-files.txt 2011-12-28 23:08
ComboFix2.txt 2011-12-28 21:19
ComboFix3.txt 2011-12-26 22:28
ComboFix4.txt 2011-12-25 16:36
ComboFix5.txt 2011-12-28 22:18
.
Pre-Run: 586,034,618,368 bytes free
Post-Run: 585,749,450,752 bytes free
.
- - End Of File - - 0D4610081DFE18F251DF47AEF1260619

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 08:28 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 28 December 2011 - 08:33 PM

Tried running TDSSKiller and nothing happened. I double clicked on the icon and my computer brought up a box asking if I would allow this program to make changes to my computer, clicked yes, waited and nothing happened. Tried again, same thing. :(

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 08:39 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#7 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 28 December 2011 - 08:58 PM

Uh ohs ... I think I angered it (posting from my android now). Ran the TDSS fix and it came back with MBR infected, clicked Repair, said fixed. Restarted computer and all hell broke loose. Said Windows failed to start flickered a blue screen and went into a menu that allowed me to run Startup Repair or start normally. Tried normally, failed, went through Startup Repair once, clicked Finish and Windows still did not start proper and it's running Startup Repair again as I type. Help!

#8 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 28 December 2011 - 09:08 PM

Second Startup Repair finished and it says it "cannot repair this computer automatically" with the options of sending more info to Microsoft or not. No idea what to do from here ...

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 09:17 PM

Hello


during start up I want you to press F10


this will take you to an edit boot menu

I need you to tell me what you see after noexecute


gringo

#10 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 28 December 2011 - 09:20 PM

[ /NOEXECUTE=OPTIN /MININT

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 09:26 PM

Hello


boot back into F10 and remove this part /MININT


allow windows to boot up normally

click on the start orb

in the search pane - search for CMD

right click on CMD and select "Run As Admin"

in the window that opens up copy and paste this line into it

bcdedit /set {current} winpe no


see if computer will start normally now


gringo
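
The switch line the poster read off the F10 Edit Boot Options menu (/NOEXECUTE=OPTIN /MININT) is the legacy rendering of two BCD elements: nx maps to /NOEXECUTE and winpe maps to /MININT, which is why the fix in this post is `bcdedit /set {current} winpe no`. A defender checking a machine after an MBR repair would want to confirm no boot loader entry still carries winpe. The script below is an added example written for this thread, not code from the thread or from the TDSSKiller/fixTDSS tools; it parses constructed `bcdedit /enum` output (not the poster's real configuration) and flags entries with winpe set. The mapping of BCD elements to legacy switches is limited to nx and winpe here; that narrow mapping is an assumption of the example.

```python
"""Parse `bcdedit /enum` output and flag boot loader entries that have the
`winpe` element set (shown as /MININT in the F10 Edit Boot Options menu).
Added example for this thread; the sample output below is constructed and
is not the poster's machine."""
import re
from typing import Dict, List

# Constructed sample of `bcdedit /enum` output: one Windows Boot Manager
# entry and one Windows Boot Loader entry carrying a stray `winpe Yes`.
SAMPLE_BCDEDIT_OUTPUT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\\Device\\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
                        {ntldr}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
osdevice                partition=C:
systemroot              \\Windows
nx                      OptIn
winpe                   Yes
"""

Entry = Dict[str, str]


def parse_bcdedit(text: str) -> List[Entry]:
    """Split bcdedit output into entries: one dict per blank-line-separated
    block, mapping element name -> value, plus '_type' for the heading.
    Indented continuation lines (e.g. a second displayorder value) are
    appended to the previous element's value."""
    entries: List[Entry] = []
    current: Entry = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(current)
                current, last_key = {}, None
            continue
        if re.fullmatch(r"-+", line):
            continue  # underline beneath the section heading
        if line[0].isspace():
            if last_key is not None:  # continuation of a multi-valued element
                current[last_key] = current[last_key] + " " + line.strip()
            continue
        m = re.match(r"^(\S+)\s{2,}(.*)$", line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            current[key] = value
            last_key = key
        elif not current:
            current["_type"] = line  # "Windows Boot Manager" / "Windows Boot Loader"
            last_key = None
    if current:
        entries.append(current)
    return entries


def winpe_entries(entries: List[Entry]) -> List[str]:
    """Identifiers of boot loader entries whose winpe element is Yes."""
    return [e["identifier"] for e in entries
            if e.get("_type") == "Windows Boot Loader"
            and e.get("winpe", "").lower() == "yes"]


def remediation_commands(entries: List[Entry]) -> List[str]:
    """The bcdedit command given in this thread, one per affected entry."""
    return [f"bcdedit /set {ident} winpe no" for ident in winpe_entries(entries)]


def boot_switches(entry: Entry) -> str:
    """Reconstruct the legacy switch line the F10 menu shows for an entry.
    Assumption of this example: only nx (/NOEXECUTE=...) and winpe (/MININT)
    are mapped; other BCD elements are ignored."""
    parts = []
    if "nx" in entry:
        parts.append(f"/NOEXECUTE={entry['nx'].upper()}")
    if entry.get("winpe", "").lower() == "yes":
        parts.append("/MININT")
    return " ".join(parts)


if __name__ == "__main__":
    parsed = parse_bcdedit(SAMPLE_BCDEDIT_OUTPUT)
    for e in parsed:
        if e.get("_type") == "Windows Boot Loader":
            print(e["identifier"], "->", boot_switches(e))
    for cmd in remediation_commands(parsed):
        print("fix:", cmd)
```

On a live machine the input would come from running `bcdedit /enum` in an elevated command prompt, as in the post above; here the sample string stands in for that output so the script runs offline. Removing the winpe element restores a normal boot while leaving nx (the /NOEXECUTE=OPTIN DEP setting) untouched.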

#12 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 28 December 2011 - 09:38 PM

We have success! Although there was a pause with an underscore blink, followed by another underscore blink on a blank screen real quick right before it went into windows startup. Tried a google search and it didn't redirect but I wanna make sure things get all fixed proper.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 09:51 PM

Hello


Very good - now try and run TDSSKiller for me


gringo

#14 irishgurl4

irishgurl4
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 28 December 2011 - 09:55 PM

Ran it and says no threats found, log below.

16:52:34.0552 1296 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:52:36.0553 1296 ============================================================
16:52:36.0553 1296 Current date / time: 2011/12/28 16:52:36.0553
16:52:36.0553 1296 SystemInfo:
16:52:36.0553 1296
16:52:36.0553 1296 OS Version: 6.1.7601 ServicePack: 1.0
16:52:36.0553 1296 Product type: Workstation
16:52:36.0554 1296 ComputerName: CHRISTINE-PC
16:52:36.0554 1296 UserName: Christine
16:52:36.0554 1296 Windows directory: C:\windows
16:52:36.0554 1296 System windows directory: C:\windows
16:52:36.0554 1296 Running under WOW64
16:52:36.0554 1296 Processor architecture: Intel x64
16:52:36.0554 1296 Number of processors: 4
16:52:36.0554 1296 Page size: 0x1000
16:52:36.0554 1296 Boot type: Normal boot
16:52:36.0554 1296 ============================================================
16:52:37.0076 1296 Initialize success
16:52:43.0061 1456 ============================================================
16:52:43.0061 1456 Scan started
16:52:43.0061 1456 Mode: Manual;
16:52:43.0061 1456 ============================================================
16:52:43.0309 1456 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:52:43.0364 1456 1394ohci - ok
16:52:43.0424 1456 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:52:43.0489 1456 ACPI - ok
16:52:43.0513 1456 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:52:43.0569 1456 AcpiPmi - ok
16:52:43.0651 1456 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
16:52:43.0672 1456 adp94xx - ok
16:52:43.0705 1456 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
16:52:43.0724 1456 adpahci - ok
16:52:43.0772 1456 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
16:52:43.0786 1456 adpu320 - ok
16:52:43.0856 1456 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
16:52:43.0921 1456 AFD - ok
16:52:43.0940 1456 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
16:52:43.0944 1456 agp440 - ok
16:52:43.0980 1456 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
16:52:43.0990 1456 aliide - ok
16:52:44.0009 1456 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
16:52:44.0012 1456 amdide - ok
16:52:44.0055 1456 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
16:52:44.0063 1456 AmdK8 - ok
16:52:44.0082 1456 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
16:52:44.0087 1456 AmdPPM - ok
16:52:44.0124 1456 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:52:44.0176 1456 amdsata - ok
16:52:44.0219 1456 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
16:52:44.0234 1456 amdsbs - ok
16:52:44.0249 1456 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
16:52:44.0306 1456 amdxata - ok
16:52:44.0369 1456 ApfiltrService (6690e42ced5d067233abad42da141213) C:\windows\system32\DRIVERS\Apfiltr.sys
16:52:44.0420 1456 ApfiltrService - ok
16:52:44.0461 1456 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
16:52:44.0519 1456 AppID - ok
16:52:44.0581 1456 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
16:52:44.0587 1456 arc - ok
16:52:44.0599 1456 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
16:52:44.0609 1456 arcsas - ok
16:52:44.0665 1456 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:52:44.0674 1456 AsyncMac - ok
16:52:44.0709 1456 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
16:52:44.0713 1456 atapi - ok
16:52:44.0764 1456 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
16:52:44.0777 1456 b06bdrv - ok
16:52:44.0826 1456 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:52:44.0838 1456 b57nd60a - ok
16:52:44.0992 1456 BCM43XX (783f1c7ed6b39454a8d1028d4f30768d) C:\windows\system32\DRIVERS\bcmwl664.sys
16:52:45.0054 1456 BCM43XX - ok
16:52:45.0071 1456 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:52:45.0076 1456 Beep - ok
16:52:45.0139 1456 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:52:45.0151 1456 blbdrive - ok
16:52:45.0170 1456 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
16:52:45.0209 1456 bowser - ok
16:52:45.0230 1456 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
16:52:45.0235 1456 BrFiltLo - ok
16:52:45.0251 1456 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
16:52:45.0257 1456 BrFiltUp - ok
16:52:45.0285 1456 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:52:45.0302 1456 Brserid - ok
16:52:45.0320 1456 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:52:45.0325 1456 BrSerWdm - ok
16:52:45.0336 1456 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:52:45.0340 1456 BrUsbMdm - ok
16:52:45.0349 1456 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:52:45.0353 1456 BrUsbSer - ok
16:52:45.0415 1456 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
16:52:45.0421 1456 BthEnum - ok
16:52:45.0450 1456 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
16:52:45.0455 1456 BTHMODEM - ok
16:52:45.0498 1456 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
16:52:45.0505 1456 BthPan - ok
16:52:45.0542 1456 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
16:52:45.0603 1456 BTHPORT - ok
16:52:45.0649 1456 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
16:52:45.0702 1456 BTHUSB - ok
16:52:45.0871 1456 catchme - ok
16:52:45.0940 1456 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:52:45.0950 1456 cdfs - ok
16:52:45.0997 1456 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
16:52:46.0058 1456 cdrom - ok
16:52:46.0128 1456 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\windows\system32\drivers\cfwids.sys
16:52:46.0183 1456 cfwids - ok
16:52:46.0223 1456 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
16:52:46.0228 1456 circlass - ok
16:52:46.0269 1456 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:52:46.0287 1456 CLFS - ok
16:52:46.0343 1456 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:52:46.0352 1456 CmBatt - ok
16:52:46.0377 1456 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
16:52:46.0384 1456 cmdide - ok
16:52:46.0429 1456 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
16:52:46.0490 1456 CNG - ok
16:52:46.0543 1456 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
16:52:46.0553 1456 Compbatt - ok
16:52:46.0571 1456 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
16:52:46.0615 1456 CompositeBus - ok
16:52:46.0638 1456 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
16:52:46.0641 1456 crcdisk - ok
16:52:46.0710 1456 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
16:52:46.0770 1456 CtClsFlt - ok
16:52:46.0817 1456 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
16:52:46.0872 1456 DfsC - ok
16:52:46.0893 1456 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:52:46.0897 1456 discache - ok
16:52:46.0946 1456 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
16:52:46.0956 1456 Disk - ok
16:52:47.0002 1456 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:52:47.0012 1456 drmkaud - ok
16:52:47.0048 1456 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
16:52:47.0118 1456 DXGKrnl - ok
16:52:47.0227 1456 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
16:52:47.0351 1456 ebdrv - ok
16:52:47.0404 1456 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
16:52:47.0421 1456 elxstor - ok
16:52:47.0432 1456 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
16:52:47.0440 1456 ErrDev - ok
16:52:47.0487 1456 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:52:47.0501 1456 exfat - ok
16:52:47.0538 1456 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:52:47.0551 1456 fastfat - ok
16:52:47.0567 1456 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
16:52:47.0572 1456 fdc - ok
16:52:47.0599 1456 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:52:47.0602 1456 FileInfo - ok
16:52:47.0626 1456 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:52:47.0631 1456 Filetrace - ok
16:52:47.0644 1456 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
16:52:47.0651 1456 flpydisk - ok
16:52:47.0665 1456 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
16:52:47.0699 1456 FltMgr - ok
16:52:47.0722 1456 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:52:47.0727 1456 FsDepends - ok
16:52:47.0743 1456 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
16:52:47.0745 1456 Fs_Rec - ok
16:52:47.0762 1456 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
16:52:47.0811 1456 fvevol - ok
16:52:47.0834 1456 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
16:52:47.0846 1456 gagp30kx - ok
16:52:47.0897 1456 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:52:47.0902 1456 hcw85cir - ok
16:52:47.0935 1456 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
16:52:47.0996 1456 HdAudAddService - ok
16:52:48.0006 1456 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
16:52:48.0045 1456 HDAudBus - ok
16:52:48.0090 1456 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
16:52:48.0151 1456 HECIx64 - ok
16:52:48.0160 1456 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
16:52:48.0164 1456 HidBatt - ok
16:52:48.0174 1456 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
16:52:48.0179 1456 HidBth - ok
16:52:48.0195 1456 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
16:52:48.0202 1456 HidIr - ok
16:52:48.0244 1456 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
16:52:48.0306 1456 HidUsb - ok
16:52:48.0325 1456 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
16:52:48.0367 1456 HpSAMD - ok
16:52:48.0419 1456 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
16:52:48.0492 1456 HTTP - ok
16:52:48.0519 1456 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
16:52:48.0569 1456 hwpolicy - ok
16:52:48.0580 1456 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
16:52:48.0586 1456 i8042prt - ok
16:52:48.0650 1456 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
16:52:48.0656 1456 iaStor - ok
16:52:48.0706 1456 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
16:52:48.0768 1456 iaStorV - ok
16:52:49.0072 1456 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys
16:52:49.0278 1456 igfx - ok
16:52:49.0388 1456 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
16:52:49.0397 1456 iirsp - ok
16:52:49.0466 1456 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
16:52:49.0528 1456 Impcd - ok
16:52:49.0564 1456 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
16:52:49.0609 1456 IntcDAud - ok
16:52:49.0651 1456 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
16:52:49.0655 1456 intelide - ok
16:52:49.0687 1456 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
16:52:49.0697 1456 intelppm - ok
16:52:49.0742 1456 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:52:49.0788 1456 IpFilterDriver - ok
16:52:49.0807 1456 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
16:52:49.0847 1456 IPMIDRV - ok
16:52:49.0863 1456 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:52:49.0868 1456 IPNAT - ok
16:52:49.0904 1456 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:52:49.0911 1456 IRENUM - ok
16:52:49.0931 1456 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
16:52:49.0936 1456 isapnp - ok
16:52:49.0967 1456 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
16:52:50.0027 1456 iScsiPrt - ok
16:52:50.0067 1456 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
16:52:50.0077 1456 kbdclass - ok
16:52:50.0096 1456 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
16:52:50.0142 1456 kbdhid - ok
16:52:50.0176 1456 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
16:52:50.0224 1456 KSecDD - ok
16:52:50.0236 1456 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
16:52:50.0278 1456 KSecPkg - ok
16:52:50.0302 1456 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:52:50.0306 1456 ksthunk - ok
16:52:50.0375 1456 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
16:52:50.0382 1456 lltdio - ok
16:52:50.0591 1456 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
16:52:50.0600 1456 LSI_FC - ok
16:52:50.0632 1456 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
16:52:50.0638 1456 LSI_SAS - ok
16:52:50.0665 1456 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
16:52:50.0669 1456 LSI_SAS2 - ok
16:52:50.0695 1456 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
16:52:50.0704 1456 LSI_SCSI - ok
16:52:50.0747 1456 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
16:52:50.0753 1456 luafv - ok
16:52:50.0779 1456 MBAMProtector - ok
16:52:50.0915 1456 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\windows\system32\drivers\McPvDrv.sys
16:52:50.0972 1456 McPvDrv - ok
16:52:51.0054 1456 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
16:52:51.0065 1456 megasas - ok
16:52:51.0095 1456 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
16:52:51.0108 1456 MegaSR - ok
16:52:51.0154 1456 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\windows\system32\drivers\mfeapfk.sys
16:52:51.0214 1456 mfeapfk - ok
16:52:51.0269 1456 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\windows\system32\drivers\mfeavfk.sys
16:52:51.0332 1456 mfeavfk - ok
16:52:51.0368 1456 mfeavfk01 - ok
16:52:51.0426 1456 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\windows\system32\drivers\mfefirek.sys
16:52:51.0494 1456 mfefirek - ok
16:52:51.0581 1456 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\windows\system32\drivers\mfehidk.sys
16:52:51.0649 1456 mfehidk - ok
16:52:51.0701 1456 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\windows\system32\DRIVERS\mfenlfk.sys
16:52:51.0761 1456 mfenlfk - ok
16:52:51.0809 1456 mferkdet (65776bd8029e409935b90de30bf99526) C:\windows\system32\drivers\mferkdet.sys
16:52:51.0870 1456 mferkdet - ok
16:52:51.0948 1456 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\windows\system32\drivers\mfewfpk.sys
16:52:52.0018 1456 mfewfpk - ok
16:52:52.0052 1456 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:52:52.0055 1456 Modem - ok
16:52:52.0092 1456 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:52:52.0100 1456 monitor - ok
16:52:52.0143 1456 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
16:52:52.0152 1456 mouclass - ok
16:52:52.0194 1456 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
16:52:52.0203 1456 mouhid - ok
16:52:52.0227 1456 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
16:52:52.0288 1456 mountmgr - ok
16:52:52.0316 1456 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
16:52:52.0359 1456 mpio - ok
16:52:52.0392 1456 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:52:52.0402 1456 mpsdrv - ok
16:52:52.0421 1456 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
16:52:52.0468 1456 MRxDAV - ok
16:52:52.0501 1456 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
16:52:52.0544 1456 mrxsmb - ok
16:52:52.0573 1456 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:52:52.0645 1456 mrxsmb10 - ok
16:52:52.0669 1456 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:52:52.0709 1456 mrxsmb20 - ok
16:52:52.0735 1456 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
16:52:52.0778 1456 msahci - ok
16:52:52.0809 1456 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
16:52:52.0876 1456 msdsm - ok
16:52:52.0899 1456 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:52:52.0904 1456 Msfs - ok
16:52:52.0939 1456 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:52:52.0948 1456 mshidkmdf - ok
16:52:52.0966 1456 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
16:52:52.0969 1456 msisadrv - ok
16:52:53.0003 1456 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
16:52:53.0009 1456 MSKSSRV - ok
16:52:53.0030 1456 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
16:52:53.0041 1456 MSPCLOCK - ok
16:52:53.0066 1456 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
16:52:53.0069 1456 MSPQM - ok
16:52:53.0101 1456 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
16:52:53.0153 1456 MsRPC - ok
16:52:53.0174 1456 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
16:52:53.0180 1456 mssmbios - ok
16:52:53.0202 1456 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
16:52:53.0209 1456 MSTEE - ok
16:52:53.0221 1456 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
16:52:53.0228 1456 MTConfig - ok
16:52:53.0254 1456 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
16:52:53.0261 1456 Mup - ok
16:52:53.0314 1456 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
16:52:53.0331 1456 NativeWifiP - ok
16:52:53.0397 1456 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
16:52:53.0460 1456 NDIS - ok
16:52:53.0504 1456 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
16:52:53.0515 1456 NdisCap - ok
16:52:53.0544 1456 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
16:52:53.0551 1456 NdisTapi - ok
16:52:53.0577 1456 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
16:52:53.0616 1456 Ndisuio - ok
16:52:53.0628 1456 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
16:52:53.0668 1456 NdisWan - ok
16:52:53.0703 1456 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
16:52:53.0744 1456 NDProxy - ok
16:52:53.0781 1456 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
16:52:53.0790 1456 NetBIOS - ok
16:52:53.0807 1456 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
16:52:53.0858 1456 NetBT - ok
16:52:53.0915 1456 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
16:52:53.0920 1456 nfrd960 - ok
16:52:53.0963 1456 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
16:52:53.0967 1456 Npfs - ok
16:52:53.0991 1456 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
16:52:53.0997 1456 nsiproxy - ok
16:52:54.0049 1456 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
16:52:54.0131 1456 Ntfs - ok
16:52:54.0153 1456 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
16:52:54.0159 1456 Null - ok
16:52:54.0192 1456 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
16:52:54.0253 1456 nvraid - ok
16:52:54.0280 1456 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
16:52:54.0354 1456 nvstor - ok
16:52:54.0389 1456 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
16:52:54.0403 1456 nv_agp - ok
16:52:54.0416 1456 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
16:52:54.0424 1456 ohci1394 - ok
16:52:54.0453 1456 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
16:52:54.0460 1456 Parport - ok
16:52:54.0487 1456 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
16:52:54.0542 1456 partmgr - ok
16:52:54.0626 1456 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
16:52:54.0689 1456 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
16:52:54.0795 1456 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
16:52:54.0854 1456 pci - ok
16:52:54.0891 1456 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
16:52:54.0900 1456 pciide - ok
16:52:54.0916 1456 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
16:52:54.0925 1456 pcmcia - ok
16:52:54.0948 1456 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
16:52:54.0954 1456 pcw - ok
16:52:54.0976 1456 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
16:52:54.0995 1456 PEAUTH - ok
16:52:55.0076 1456 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
16:52:55.0126 1456 PptpMiniport - ok
16:52:55.0146 1456 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
16:52:55.0150 1456 Processor - ok
16:52:55.0192 1456 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
16:52:55.0244 1456 Psched - ok
16:52:55.0275 1456 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
16:52:55.0346 1456 PxHlpa64 - ok
16:52:55.0427 1456 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
16:52:55.0525 1456 ql2300 - ok
16:52:55.0673 1456 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
16:52:55.0679 1456 ql40xx - ok
16:52:55.0743 1456 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:52:55.0753 1456 QWAVEdrv - ok
16:52:55.0817 1456 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:52:55.0823 1456 RasAcd - ok
16:52:55.0917 1456 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:52:55.0922 1456 RasAgileVpn - ok
16:52:55.0952 1456 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
16:52:55.0997 1456 Rasl2tp - ok
16:52:56.0020 1456 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:52:56.0027 1456 RasPppoe - ok
16:52:56.0056 1456 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:52:56.0062 1456 RasSstp - ok
16:52:56.0094 1456 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
16:52:56.0144 1456 rdbss - ok
16:52:56.0166 1456 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
16:52:56.0171 1456 rdpbus - ok
16:52:56.0197 1456 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:52:56.0201 1456 RDPCDD - ok
16:52:56.0266 1456 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:52:56.0273 1456 RDPENCDD - ok
16:52:56.0289 1456 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:52:56.0294 1456 RDPREFMP - ok
16:52:56.0314 1456 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
16:52:56.0357 1456 RDPWD - ok
16:52:56.0417 1456 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
16:52:56.0476 1456 rdyboost - ok
16:52:56.0621 1456 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
16:52:56.0633 1456 RFCOMM - ok
16:52:56.0737 1456 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:52:56.0743 1456 rspndr - ok
16:52:56.0823 1456 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
16:52:56.0885 1456 RSUSBSTOR - ok
16:52:56.0912 1456 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\windows\system32\DRIVERS\Rt64win7.sys
16:52:56.0959 1456 RTL8167 - ok
16:52:56.0993 1456 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
16:52:57.0047 1456 sbp2port - ok
16:52:57.0072 1456 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
16:52:57.0133 1456 scfilter - ok
16:52:57.0180 1456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:52:57.0184 1456 secdrv - ok
16:52:57.0221 1456 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
16:52:57.0225 1456 Serenum - ok
16:52:57.0259 1456 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
16:52:57.0265 1456 Serial - ok
16:52:57.0290 1456 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
16:52:57.0297 1456 sermouse - ok
16:52:57.0325 1456 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
16:52:57.0329 1456 sffdisk - ok
16:52:57.0341 1456 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
16:52:57.0346 1456 sffp_mmc - ok
16:52:57.0357 1456 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
16:52:57.0398 1456 sffp_sd - ok
16:52:57.0409 1456 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
16:52:57.0413 1456 sfloppy - ok
16:52:57.0435 1456 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
16:52:57.0439 1456 SiSRaid2 - ok
16:52:57.0451 1456 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
16:52:57.0456 1456 SiSRaid4 - ok
16:52:57.0480 1456 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:52:57.0487 1456 Smb - ok
16:52:57.0528 1456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:52:57.0535 1456 spldr - ok
16:52:57.0595 1456 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
16:52:57.0661 1456 srv - ok
16:52:57.0695 1456 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
16:52:57.0756 1456 srv2 - ok
16:52:57.0802 1456 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
16:52:57.0854 1456 srvnet - ok
16:52:57.0952 1456 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
16:52:57.0958 1456 stexstor - ok
16:52:58.0033 1456 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\windows\system32\DRIVERS\stwrt64.sys
16:52:58.0095 1456 STHDA - ok
16:52:58.0142 1456 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
16:52:58.0150 1456 swenum - ok
16:52:58.0235 1456 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
16:52:58.0367 1456 Tcpip - ok
16:52:58.0557 1456 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
16:52:58.0578 1456 TCPIP6 - ok
16:52:58.0631 1456 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
16:52:58.0707 1456 tcpipreg - ok
16:52:58.0734 1456 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
16:52:58.0740 1456 TDPIPE - ok
16:52:58.0751 1456 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
16:52:58.0754 1456 TDTCP - ok
16:52:58.0780 1456 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
16:52:58.0832 1456 tdx - ok
16:52:58.0850 1456 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
16:52:58.0881 1456 TermDD - ok
16:52:58.0932 1456 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
16:52:58.0989 1456 tssecsrv - ok
16:52:59.0019 1456 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
16:52:59.0076 1456 TsUsbFlt - ok
16:52:59.0087 1456 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
16:52:59.0125 1456 TsUsbGD - ok
16:52:59.0173 1456 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
16:52:59.0242 1456 tunnel - ok
16:52:59.0268 1456 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
16:52:59.0277 1456 uagp35 - ok
16:52:59.0295 1456 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
16:52:59.0348 1456 udfs - ok
16:52:59.0376 1456 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
16:52:59.0381 1456 uliagpkx - ok
16:52:59.0421 1456 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
16:52:59.0473 1456 umbus - ok
16:52:59.0511 1456 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
16:52:59.0515 1456 UmPass - ok
16:52:59.0566 1456 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
16:52:59.0616 1456 usbccgp - ok
16:52:59.0649 1456 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
16:52:59.0655 1456 usbcir - ok
16:52:59.0682 1456 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
16:52:59.0739 1456 usbehci - ok
16:52:59.0862 1456 usbhub (8b892002d7b79312821169a14317ab86) C:\windows\system32\DRIVERS\usbhub.sys
16:52:59.0940 1456 usbhub - ok
16:52:59.0962 1456 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
16:53:00.0001 1456 usbohci - ok
16:53:00.0021 1456 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
16:53:00.0025 1456 usbprint - ok
16:53:00.0037 1456 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:53:00.0077 1456 USBSTOR - ok
16:53:00.0088 1456 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
16:53:00.0127 1456 usbuhci - ok
16:53:00.0158 1456 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
16:53:00.0217 1456 usbvideo - ok
16:53:00.0263 1456 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
16:53:00.0272 1456 vdrvroot - ok
16:53:00.0303 1456 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
16:53:00.0308 1456 vga - ok
16:53:00.0332 1456 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
16:53:00.0339 1456 VgaSave - ok
16:53:00.0354 1456 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
16:53:00.0417 1456 vhdmp - ok
16:53:00.0428 1456 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
16:53:00.0433 1456 viaide - ok
16:53:00.0454 1456 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
16:53:00.0497 1456 volmgr - ok
16:53:00.0522 1456 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
16:53:00.0586 1456 volmgrx - ok
16:53:00.0645 1456 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
16:53:00.0706 1456 volsnap - ok
16:53:00.0745 1456 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
16:53:00.0758 1456 vsmraid - ok
16:53:00.0786 1456 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
16:53:00.0790 1456 vwifibus - ok
16:53:00.0828 1456 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
16:53:00.0838 1456 vwififlt - ok
16:53:00.0867 1456 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
16:53:00.0873 1456 WacomPen - ok
16:53:00.0916 1456 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:53:00.0970 1456 WANARP - ok
16:53:00.0985 1456 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:53:00.0986 1456 Wanarpv6 - ok
16:53:01.0015 1456 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
16:53:01.0020 1456 Wd - ok
16:53:01.0061 1456 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
16:53:01.0088 1456 Wdf01000 - ok
16:53:01.0163 1456 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
16:53:01.0169 1456 WfpLwf - ok
16:53:01.0200 1456 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
16:53:01.0257 1456 WimFltr - ok
16:53:01.0290 1456 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
16:53:01.0293 1456 WIMMount - ok
16:53:01.0477 1456 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
16:53:01.0484 1456 WmiAcpi - ok
16:53:01.0556 1456 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
16:53:01.0562 1456 ws2ifsl - ok
16:53:01.0596 1456 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
16:53:01.0636 1456 WudfPf - ok
16:53:01.0684 1456 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
16:53:01.0741 1456 WUDFRd - ok
16:53:01.0770 1456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:53:01.0836 1456 \Device\Harddisk0\DR0 - ok
16:53:01.0841 1456 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
16:53:01.0843 1456 \Device\Harddisk0\DR0\Partition0 - ok
16:53:01.0864 1456 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1
16:53:01.0866 1456 \Device\Harddisk0\DR0\Partition1 - ok
16:53:01.0867 1456 ============================================================
16:53:01.0867 1456 Scan finished
16:53:01.0867 1456 ============================================================
16:53:01.0880 1920 Detected object count: 0
16:53:01.0880 1920 Actual detected object count: 0
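
The log above is long enough that a helper reads it by looking for exceptions rather than line by line: objects TDSSKiller did not mark plain `ok`, services that were listed with no file hash behind them (here `catchme`, `MBAMProtector` and `mfeavfk01`), and driver images loaded from somewhere other than `system32` (here the Dell Support Center component under `Program Files`). The script below does that triage automatically. It is an added example, not part of the original thread and not TDSSKiller's own code; the two-line "file line, then verdict line" format is inferred from the posted log, the assumption that Windows lives in `C:\windows` is taken from the same log, and `SAMPLE_LOG` is a constructed excerpt made of real lines from the post plus one invented driver (`exampledrv`, fake hash, status `warning`) so the flagging path has something to report.

```python
"""Triage a TDSSKiller scan log of the kind posted above.

Added example: not part of the original thread and not TDSSKiller's own code.
The line shapes are inferred from the posted log. SAMPLE_LOG is a constructed
excerpt: real lines copied from the post plus one invented driver
("exampledrv", fake hash, status "warning") so the flagging path has work.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Each scanned object is printed as a file line
#   "<time> <pid> <name> (<md5>) <path>"
# followed by its verdict line
#   "<time> <pid> <name-or-device-path> - <status>".
# Registered services with nothing to hash (e.g. "catchme - ok") print only the verdict.
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
FILE_LINE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_LINE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<status>\S+)$")
COUNT_LINE = re.compile(_PREFIX + r"(?P<label>(?:Actual )?[Dd]etected object count):\s+(?P<n>\d+)$")

# Assumption taken from the posted log: Windows lives in C:\windows, so driver
# images are expected under system32; anything loaded from elsewhere gets listed.
EXPECTED_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Entry:
    name: str
    status: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    counts: Dict[str, int] = field(default_factory=dict)

    def by_name(self, name: str) -> Optional[Entry]:
        return next((e for e in self.entries if e.name == name), None)

    def status_only(self) -> List[Entry]:
        """Services reported without a file hash."""
        return [e for e in self.entries if e.md5 is None]

    def flagged(self) -> List[Entry]:
        """Anything not marked plain 'ok', including objects that never got a verdict."""
        return [e for e in self.entries if e.status != "ok"]

    def outside_system32(self) -> List[Entry]:
        """Hashed files loaded from outside the expected driver directory."""
        return [e for e in self.entries
                if e.path is not None
                and not e.path.startswith("\\Device\\")  # MBR/boot sectors, not files
                and not e.path.lower().startswith(EXPECTED_PREFIX)]


def parse_log(text: str) -> Report:
    report = Report()
    pending: Optional[Entry] = None  # file line still waiting for its verdict
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := COUNT_LINE.match(line):
            report.counts[m["label"]] = int(m["n"])
        elif m := FILE_LINE.match(line):
            pending = Entry(m["name"], md5=m["md5"].lower(), path=m["path"])
            report.entries.append(pending)
        elif m := VERDICT_LINE.match(line):
            # Drivers are named by service in the verdict, disk sectors by device
            # path, so pair the pending file line on either.
            if pending is not None and m["name"] in (pending.name, pending.path):
                pending.status = m["status"]
            else:
                report.entries.append(Entry(m["name"], status=m["status"]))
            pending = None
    return report


def summarize(report: Report) -> Dict[str, int]:
    """The numbers a helper glances at before reading the whole log."""
    return {
        "objects": len(report.entries),
        "status_only": len(report.status_only()),
        "flagged": len(report.flagged()),
        "outside_system32": len(report.outside_system32()),
        "tool_detected": report.counts.get("Detected object count", -1),
    }


# Constructed excerpt (see module docstring); the exampledrv lines are invented.
SAMPLE_LOG = r"""
16:52:44.0124 1456 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:52:44.0176 1456 amdsata - ok
16:52:45.0871 1456 catchme - ok
16:52:50.0779 1456 MBAMProtector - ok
16:52:54.0626 1456 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
16:52:54.0689 1456 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
16:52:58.0235 1456 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
16:52:58.0367 1456 Tcpip - ok
16:52:58.0557 1456 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
16:52:58.0578 1456 TCPIP6 - ok
16:53:01.0770 1456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:53:01.0836 1456 \Device\Harddisk0\DR0 - ok
16:53:01.0841 1456 Boot (0x1200) (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
16:53:01.0843 1456 \Device\Harddisk0\DR0\Partition0 - ok
16:53:01.0850 1456 exampledrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
16:53:01.0851 1456 exampledrv - warning
16:53:01.0867 1456 ============================================================
16:53:01.0867 1456 Scan finished
16:53:01.0880 1920 Detected object count: 0
16:53:01.0880 1920 Actual detected object count: 0
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print(summarize(rep))
    for e in rep.flagged() + rep.outside_system32() + rep.status_only():
        print(f"{e.name:45} status={e.status} path={e.path}")
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file's contents. Two caveats apply to what it reports: the `Detected object count` lines are the tool's own tally, while `flagged()` is an independent check of every verdict line, so the two can disagree and both are worth reading; and a driver loaded from outside `system32` is a prompt to verify the publisher, not evidence of infection on its own (vendor support tools such as the Dell component in this log legitimately live under `Program Files`). Likewise `Tcpip` and `TCPIP6` sharing one hash is expected, since both point at the same `tcpip.sys`.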

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:00 AM

Posted 28 December 2011 - 09:59 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



