Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect problem


  • This topic is locked This topic is locked
9 replies to this topic

#1 sharondelray

sharondelray

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 05 February 2012 - 08:52 PM

Lots of problems with the Google redirect virus. It always takes me to another page and slows down the whole computer.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Andrew at 19:52:54 on 2012-02-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1437 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LP\B424\AB6.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Andrew\AppData\Roaming\424AF\C82B4.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361210l525l0414z1h5a4712x388
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361210l525l0414z1h5a4712x388
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361210l525l0414z1h5a4712x388
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58263
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
uWindows: Load=C:\Users\Andrew\AppData\Roaming\AF644\lvvm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120205193438.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TVPlanet]
uRun: [RadioPlanet]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F8D15CFE-FD96-4965-883A-45CB19FF12CE} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F8D15CFE-FD96-4965-883A-45CB19FF12CE}\37075627C696E676 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8D15CFE-FD96-4965-883A-45CB19FF12CE}\3736367657563747 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{F8D15CFE-FD96-4965-883A-45CB19FF12CE}\95F657E67635973616D6F62756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120205193438.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-3-21 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-21 225280]
.
=============== Created Last 30 ================
.
2012-02-06 00:34:54 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-02-06 00:34:36 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-06 00:34:26 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-06 00:34:26 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-06 00:34:26 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-06 00:34:26 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-06 00:34:26 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-06 00:34:26 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-06 00:34:26 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-06 00:34:26 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-02-06 00:13:17 156792 ----a-r- C:\Windows\System32\drivers\mfeapfk.sys.ee88.deleteme
2012-02-06 00:13:15 639216 ----a-r- C:\Windows\System32\drivers\mfehidk.sys.1cea.deleteme
2012-02-06 00:08:31 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-05 23:42:07 -------- d-----w- C:\ProgramData\Ask
2012-02-05 23:10:54 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-02-05 23:10:27 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-02-05 23:10:26 -------- d-----w- C:\Program Files\McAfee.com
2012-02-05 23:10:25 -------- d-----w- C:\Program Files\McAfee
2012-02-05 23:10:20 -------- d-----w- C:\Program Files (x86)\McAfee
2012-01-25 04:49:08 -------- d-----w- C:\Program Files (x86)\LP
2012-01-25 04:48:57 279552 ----a-w- C:\Users\Andrew\AppData\Roaming\iexplore.exe
2012-01-25 03:49:51 -------- d-----w- C:\Users\Andrew\AppData\Roaming\AF644
2012-01-25 03:48:42 -------- d-----w- C:\Users\Andrew\AppData\Roaming\424AF
2012-01-19 22:21:41 -------- d-----we C:\Windows\system64
2012-01-18 01:37:34 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1812F503-EF29-4030-A693-4DC2886BC316}\mpengine.dll
2012-01-12 01:28:34 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 01:28:34 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 01:28:34 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 01:28:34 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 01:28:31 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 01:28:31 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 01:28:28 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 01:28:28 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2011-12-06 22:25:40 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:56:34.06 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:34 PM

Posted 05 February 2012 - 08:58 PM

Hello sharondelray,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


3.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.



Things to include in your next reply::
TDssKiller log
Combofix.txt
Results.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 sharondelray

sharondelray
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 05 February 2012 - 09:47 PM

TDSS Killer log-

21:02:34.0418 3320 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
21:02:34.0808 3320 ============================================================
21:02:34.0808 3320 Current date / time: 2012/02/05 21:02:34.0808
21:02:34.0808 3320 SystemInfo:
21:02:34.0808 3320
21:02:34.0808 3320 OS Version: 6.1.7600 ServicePack: 0.0
21:02:34.0808 3320 Product type: Workstation
21:02:34.0808 3320 ComputerName: ANDREW-PC
21:02:34.0808 3320 UserName: Andrew
21:02:34.0808 3320 Windows directory: C:\Windows
21:02:34.0808 3320 System windows directory: C:\Windows
21:02:34.0808 3320 Running under WOW64
21:02:34.0808 3320 Processor architecture: Intel x64
21:02:34.0808 3320 Number of processors: 2
21:02:34.0808 3320 Page size: 0x1000
21:02:34.0808 3320 Boot type: Normal boot
21:02:34.0808 3320 ============================================================
21:02:36.0383 3320 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:02:36.0383 3320 \Device\Harddisk0\DR0:
21:02:36.0383 3320 MBR used
21:02:36.0383 3320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
21:02:36.0383 3320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
21:02:36.0414 3320 Initialize success
21:02:36.0414 3320 ============================================================
21:02:49.0331 2692 ============================================================
21:02:49.0331 2692 Scan started
21:02:49.0331 2692 Mode: Manual;
21:02:49.0331 2692 ============================================================
21:02:50.0751 2692 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:02:50.0766 2692 1394ohci - ok
21:02:50.0813 2692 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:02:50.0829 2692 ACPI - ok
21:02:50.0844 2692 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:02:50.0844 2692 AcpiPmi - ok
21:02:50.0922 2692 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:02:50.0938 2692 adp94xx - ok
21:02:50.0985 2692 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:02:51.0000 2692 adpahci - ok
21:02:51.0016 2692 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:02:51.0016 2692 adpu320 - ok
21:02:51.0266 2692 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:02:51.0266 2692 AFD - ok
21:02:51.0328 2692 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:02:51.0328 2692 agp440 - ok
21:02:51.0375 2692 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:02:51.0375 2692 aliide - ok
21:02:51.0390 2692 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:02:51.0390 2692 amdide - ok
21:02:51.0422 2692 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:02:51.0422 2692 AmdK8 - ok
21:02:51.0453 2692 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:02:51.0453 2692 AmdPPM - ok
21:02:51.0500 2692 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:02:51.0515 2692 amdsata - ok
21:02:51.0593 2692 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:02:51.0593 2692 amdsbs - ok
21:02:51.0624 2692 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:02:51.0624 2692 amdxata - ok
21:02:51.0687 2692 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:02:51.0687 2692 AppID - ok
21:02:51.0749 2692 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:02:51.0749 2692 arc - ok
21:02:51.0749 2692 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:02:51.0765 2692 arcsas - ok
21:02:51.0796 2692 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:02:51.0796 2692 AsyncMac - ok
21:02:51.0812 2692 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:02:51.0812 2692 atapi - ok
21:02:51.0921 2692 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:02:51.0983 2692 athr - ok
21:02:52.0186 2692 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:02:52.0342 2692 atikmdag - ok
21:02:52.0373 2692 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:02:52.0389 2692 AtiPcie - ok
21:02:52.0482 2692 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:02:52.0498 2692 b06bdrv - ok
21:02:52.0545 2692 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:02:52.0545 2692 b57nd60a - ok
21:02:52.0592 2692 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:02:52.0592 2692 Beep - ok
21:02:52.0638 2692 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:02:52.0638 2692 blbdrive - ok
21:02:52.0716 2692 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:02:52.0716 2692 bowser - ok
21:02:52.0763 2692 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:02:52.0763 2692 BrFiltLo - ok
21:02:52.0779 2692 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:02:52.0779 2692 BrFiltUp - ok
21:02:52.0810 2692 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:02:52.0810 2692 Brserid - ok
21:02:52.0826 2692 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:02:52.0826 2692 BrSerWdm - ok
21:02:52.0841 2692 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:02:52.0841 2692 BrUsbMdm - ok
21:02:52.0857 2692 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:02:52.0872 2692 BrUsbSer - ok
21:02:52.0904 2692 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:02:52.0904 2692 BTHMODEM - ok
21:02:53.0091 2692 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
21:02:53.0091 2692 CAXHWAZL - ok
21:02:53.0216 2692 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:02:53.0231 2692 cdfs - ok
21:02:53.0372 2692 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:02:53.0387 2692 cdrom - ok
21:02:53.0590 2692 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
21:02:53.0590 2692 cfwids - ok
21:02:53.0684 2692 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:02:53.0684 2692 circlass - ok
21:02:53.0746 2692 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:02:53.0762 2692 CLFS - ok
21:02:53.0996 2692 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:02:53.0996 2692 CmBatt - ok
21:02:54.0074 2692 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:02:54.0074 2692 cmdide - ok
21:02:54.0183 2692 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:02:54.0198 2692 CNG - ok
21:02:54.0339 2692 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:02:54.0354 2692 Compbatt - ok
21:02:54.0401 2692 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:02:54.0417 2692 CompositeBus - ok
21:02:54.0510 2692 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:02:54.0510 2692 crcdisk - ok
21:02:54.0588 2692 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:02:54.0588 2692 DfsC - ok
21:02:54.0604 2692 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:02:54.0604 2692 discache - ok
21:02:54.0651 2692 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:02:54.0651 2692 Disk - ok
21:02:54.0682 2692 DKbFltr - ok
21:02:54.0729 2692 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:02:54.0729 2692 drmkaud - ok
21:02:54.0791 2692 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:02:54.0838 2692 DXGKrnl - ok
21:02:54.0963 2692 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:02:55.0056 2692 ebdrv - ok
21:02:55.0119 2692 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:02:55.0134 2692 elxstor - ok
21:02:55.0166 2692 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:02:55.0166 2692 ErrDev - ok
21:02:55.0212 2692 ETD (a77cafa16b7a9d5bcb8cd2572c3224b8) C:\Windows\system32\DRIVERS\ETD.sys
21:02:55.0228 2692 ETD - ok
21:02:55.0259 2692 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:02:55.0259 2692 exfat - ok
21:02:55.0290 2692 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:02:55.0290 2692 fastfat - ok
21:02:55.0337 2692 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:02:55.0337 2692 fdc - ok
21:02:55.0400 2692 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:02:55.0400 2692 FileInfo - ok
21:02:55.0431 2692 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:02:55.0431 2692 Filetrace - ok
21:02:55.0462 2692 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:02:55.0462 2692 flpydisk - ok
21:02:55.0509 2692 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:02:55.0509 2692 FltMgr - ok
21:02:55.0556 2692 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:02:55.0556 2692 FsDepends - ok
21:02:55.0571 2692 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:02:55.0587 2692 Fs_Rec - ok
21:02:55.0649 2692 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:02:55.0665 2692 fvevol - ok
21:02:55.0696 2692 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:02:55.0696 2692 gagp30kx - ok
21:02:55.0758 2692 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:02:55.0774 2692 GEARAspiWDM - ok
21:02:55.0868 2692 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:02:55.0868 2692 hcw85cir - ok
21:02:55.0914 2692 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:02:55.0930 2692 HdAudAddService - ok
21:02:55.0992 2692 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:02:55.0992 2692 HDAudBus - ok
21:02:56.0024 2692 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:02:56.0024 2692 HidBatt - ok
21:02:56.0039 2692 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:02:56.0039 2692 HidBth - ok
21:02:56.0070 2692 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:02:56.0070 2692 HidIr - ok
21:02:56.0102 2692 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:02:56.0102 2692 HidUsb - ok
21:02:56.0148 2692 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:02:56.0148 2692 HpSAMD - ok
21:02:56.0226 2692 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
21:02:56.0273 2692 HSF_DPV - ok
21:02:56.0336 2692 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:02:56.0367 2692 HTTP - ok
21:02:56.0382 2692 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:02:56.0382 2692 hwpolicy - ok
21:02:56.0445 2692 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:02:56.0445 2692 i8042prt - ok
21:02:56.0492 2692 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:02:56.0507 2692 iaStorV - ok
21:02:56.0538 2692 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:02:56.0538 2692 iirsp - ok
21:02:56.0694 2692 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
21:02:56.0757 2692 IntcAzAudAddService - ok
21:02:56.0788 2692 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:02:56.0788 2692 intelide - ok
21:02:56.0835 2692 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:02:56.0835 2692 intelppm - ok
21:02:56.0882 2692 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:02:56.0882 2692 IpFilterDriver - ok
21:02:56.0897 2692 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:02:56.0897 2692 IPMIDRV - ok
21:02:56.0928 2692 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:02:56.0944 2692 IPNAT - ok
21:02:56.0991 2692 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:02:56.0991 2692 IRENUM - ok
21:02:57.0006 2692 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:02:57.0006 2692 isapnp - ok
21:02:57.0038 2692 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:02:57.0038 2692 iScsiPrt - ok
21:02:57.0100 2692 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:02:57.0100 2692 k57nd60a - ok
21:02:57.0147 2692 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:02:57.0147 2692 kbdclass - ok
21:02:57.0178 2692 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:02:57.0178 2692 kbdhid - ok
21:02:57.0225 2692 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:02:57.0225 2692 KSecDD - ok
21:02:57.0240 2692 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:02:57.0240 2692 KSecPkg - ok
21:02:57.0272 2692 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:02:57.0272 2692 ksthunk - ok
21:02:57.0350 2692 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:02:57.0350 2692 lltdio - ok
21:02:57.0412 2692 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:02:57.0412 2692 LSI_FC - ok
21:02:57.0459 2692 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:02:57.0459 2692 LSI_SAS - ok
21:02:57.0490 2692 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:02:57.0490 2692 LSI_SAS2 - ok
21:02:57.0521 2692 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:02:57.0521 2692 LSI_SCSI - ok
21:02:57.0552 2692 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:02:57.0552 2692 luafv - ok
21:02:57.0693 2692 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:02:57.0693 2692 mdmxsdk - ok
21:02:57.0724 2692 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:02:57.0740 2692 megasas - ok
21:02:57.0771 2692 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:02:57.0771 2692 MegaSR - ok
21:02:57.0849 2692 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
21:02:57.0849 2692 mfeapfk - ok
21:02:57.0927 2692 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
21:02:57.0942 2692 mfeavfk - ok
21:02:57.0958 2692 mfeavfk01 - ok
21:02:58.0067 2692 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
21:02:58.0098 2692 mfefirek - ok
21:02:58.0161 2692 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
21:02:58.0176 2692 mfehidk - ok
21:02:58.0254 2692 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
21:02:58.0254 2692 mfenlfk - ok
21:02:58.0332 2692 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
21:02:58.0348 2692 mferkdet - ok
21:02:58.0410 2692 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
21:02:58.0426 2692 mfewfpk - ok
21:02:58.0504 2692 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:02:58.0504 2692 Modem - ok
21:02:58.0551 2692 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:02:58.0551 2692 monitor - ok
21:02:58.0598 2692 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:02:58.0613 2692 mouclass - ok
21:02:58.0629 2692 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:02:58.0629 2692 mouhid - ok
21:02:58.0660 2692 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:02:58.0660 2692 mountmgr - ok
21:02:58.0691 2692 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:02:58.0691 2692 mpio - ok
21:02:58.0722 2692 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:02:58.0722 2692 mpsdrv - ok
21:02:58.0738 2692 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:02:58.0754 2692 MRxDAV - ok
21:02:58.0800 2692 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:02:58.0800 2692 mrxsmb - ok
21:02:58.0847 2692 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:02:58.0863 2692 mrxsmb10 - ok
21:02:58.0878 2692 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:58.0894 2692 mrxsmb20 - ok
21:02:58.0910 2692 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:02:58.0910 2692 msahci - ok
21:02:58.0941 2692 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:02:58.0941 2692 msdsm - ok
21:02:59.0003 2692 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:02:59.0003 2692 Msfs - ok
21:02:59.0034 2692 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:02:59.0034 2692 mshidkmdf - ok
21:02:59.0050 2692 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:02:59.0050 2692 msisadrv - ok
21:02:59.0097 2692 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:02:59.0097 2692 MSKSSRV - ok
21:02:59.0128 2692 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:02:59.0128 2692 MSPCLOCK - ok
21:02:59.0144 2692 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:02:59.0144 2692 MSPQM - ok
21:02:59.0175 2692 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:02:59.0175 2692 MsRPC - ok
21:02:59.0206 2692 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:02:59.0206 2692 mssmbios - ok
21:02:59.0222 2692 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:02:59.0237 2692 MSTEE - ok
21:02:59.0237 2692 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:02:59.0237 2692 MTConfig - ok
21:02:59.0284 2692 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:02:59.0284 2692 Mup - ok
21:02:59.0362 2692 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:02:59.0378 2692 NativeWifiP - ok
21:02:59.0456 2692 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:02:59.0487 2692 NDIS - ok
21:02:59.0518 2692 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:02:59.0534 2692 NdisCap - ok
21:02:59.0580 2692 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:02:59.0580 2692 NdisTapi - ok
21:02:59.0627 2692 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:02:59.0627 2692 Ndisuio - ok
21:02:59.0658 2692 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:02:59.0674 2692 NdisWan - ok
21:02:59.0690 2692 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:02:59.0690 2692 NDProxy - ok
21:02:59.0736 2692 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:02:59.0736 2692 NetBIOS - ok
21:02:59.0768 2692 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:02:59.0768 2692 NetBT - ok
21:02:59.0814 2692 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:02:59.0814 2692 nfrd960 - ok
21:02:59.0846 2692 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:02:59.0846 2692 Npfs - ok
21:02:59.0877 2692 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:02:59.0877 2692 nsiproxy - ok
21:02:59.0970 2692 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:03:00.0033 2692 Ntfs - ok
21:03:00.0064 2692 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:03:00.0064 2692 NTIDrvr - ok
21:03:00.0080 2692 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:03:00.0080 2692 Null - ok
21:03:00.0142 2692 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:03:00.0142 2692 nvraid - ok
21:03:00.0189 2692 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:03:00.0204 2692 nvstor - ok
21:03:00.0220 2692 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:03:00.0220 2692 nv_agp - ok
21:03:00.0251 2692 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:03:00.0251 2692 ohci1394 - ok
21:03:00.0376 2692 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:03:00.0376 2692 Parport - ok
21:03:00.0407 2692 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:03:00.0407 2692 partmgr - ok
21:03:00.0438 2692 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:03:00.0438 2692 pci - ok
21:03:00.0470 2692 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:03:00.0485 2692 pciide - ok
21:03:00.0516 2692 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:03:00.0516 2692 pcmcia - ok
21:03:00.0532 2692 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:03:00.0532 2692 pcw - ok
21:03:00.0579 2692 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:03:00.0594 2692 PEAUTH - ok
21:03:00.0688 2692 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:03:00.0688 2692 PptpMiniport - ok
21:03:00.0704 2692 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:03:00.0704 2692 Processor - ok
21:03:00.0766 2692 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:03:00.0766 2692 Psched - ok
21:03:00.0828 2692 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:03:00.0875 2692 ql2300 - ok
21:03:00.0938 2692 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:03:00.0938 2692 ql40xx - ok
21:03:00.0969 2692 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:03:00.0969 2692 QWAVEdrv - ok
21:03:00.0984 2692 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:03:00.0984 2692 RasAcd - ok
21:03:01.0047 2692 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:03:01.0047 2692 RasAgileVpn - ok
21:03:01.0094 2692 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:03:01.0094 2692 Rasl2tp - ok
21:03:01.0125 2692 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:03:01.0140 2692 RasPppoe - ok
21:03:01.0187 2692 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:03:01.0187 2692 RasSstp - ok
21:03:01.0218 2692 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:03:01.0218 2692 rdbss - ok
21:03:01.0250 2692 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:03:01.0250 2692 rdpbus - ok
21:03:01.0296 2692 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:03:01.0296 2692 RDPCDD - ok
21:03:01.0328 2692 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:03:01.0328 2692 RDPENCDD - ok
21:03:01.0374 2692 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:03:01.0374 2692 RDPREFMP - ok
21:03:01.0406 2692 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:03:01.0406 2692 RDPWD - ok
21:03:01.0437 2692 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:03:01.0437 2692 rdyboost - ok
21:03:01.0530 2692 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:03:01.0530 2692 rspndr - ok
21:03:01.0593 2692 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
21:03:01.0593 2692 RSUSBSTOR - ok
21:03:01.0655 2692 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
21:03:01.0671 2692 RTHDMIAzAudService - ok
21:03:01.0702 2692 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:03:01.0702 2692 sbp2port - ok
21:03:01.0733 2692 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:03:01.0733 2692 scfilter - ok
21:03:01.0796 2692 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:03:01.0796 2692 secdrv - ok
21:03:01.0842 2692 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:03:01.0842 2692 Serenum - ok
21:03:01.0874 2692 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:03:01.0889 2692 Serial - ok
21:03:01.0889 2692 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:03:01.0889 2692 sermouse - ok
21:03:01.0920 2692 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:03:01.0920 2692 sffdisk - ok
21:03:01.0936 2692 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:03:01.0936 2692 sffp_mmc - ok
21:03:01.0952 2692 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:03:01.0952 2692 sffp_sd - ok
21:03:01.0967 2692 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:03:01.0967 2692 sfloppy - ok
21:03:01.0983 2692 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:03:01.0983 2692 SiSRaid2 - ok
21:03:01.0998 2692 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:03:01.0998 2692 SiSRaid4 - ok
21:03:02.0030 2692 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:03:02.0030 2692 Smb - ok
21:03:02.0092 2692 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:03:02.0092 2692 spldr - ok
21:03:02.0154 2692 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:03:02.0154 2692 srv - ok
21:03:02.0186 2692 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:03:02.0186 2692 srv2 - ok
21:03:02.0232 2692 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:03:02.0232 2692 srvnet - ok
21:03:02.0279 2692 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:03:02.0279 2692 stexstor - ok
21:03:02.0326 2692 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:03:02.0326 2692 swenum - ok
21:03:02.0435 2692 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:03:02.0498 2692 Tcpip - ok
21:03:02.0576 2692 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:03:02.0607 2692 TCPIP6 - ok
21:03:02.0654 2692 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:03:02.0654 2692 tcpipreg - ok
21:03:02.0700 2692 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:03:02.0700 2692 TDPIPE - ok
21:03:02.0732 2692 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:03:02.0732 2692 TDTCP - ok
21:03:02.0763 2692 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:03:02.0763 2692 tdx - ok
21:03:02.0810 2692 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:03:02.0825 2692 TermDD - ok
21:03:02.0872 2692 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:03:02.0872 2692 tssecsrv - ok
21:03:02.0934 2692 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:03:02.0934 2692 tunnel - ok
21:03:02.0966 2692 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:03:02.0966 2692 uagp35 - ok
21:03:02.0981 2692 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:03:02.0997 2692 UBHelper - ok
21:03:03.0028 2692 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:03:03.0028 2692 udfs - ok
21:03:03.0059 2692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:03:03.0059 2692 uliagpkx - ok
21:03:03.0090 2692 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:03:03.0090 2692 umbus - ok
21:03:03.0106 2692 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:03:03.0106 2692 UmPass - ok
21:03:03.0168 2692 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:03:03.0168 2692 usbccgp - ok
21:03:03.0215 2692 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:03:03.0215 2692 usbcir - ok
21:03:03.0246 2692 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:03:03.0246 2692 usbehci - ok
21:03:03.0309 2692 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
21:03:03.0309 2692 usbfilter - ok
21:03:03.0371 2692 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:03:03.0371 2692 usbhub - ok
21:03:03.0434 2692 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
21:03:03.0434 2692 usbohci - ok
21:03:03.0465 2692 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:03:03.0465 2692 usbprint - ok
21:03:03.0512 2692 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:03:03.0512 2692 USBSTOR - ok
21:03:03.0558 2692 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:03:03.0558 2692 usbuhci - ok
21:03:03.0605 2692 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:03:03.0621 2692 usbvideo - ok
21:03:03.0636 2692 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:03:03.0636 2692 vdrvroot - ok
21:03:03.0683 2692 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:03:03.0683 2692 vga - ok
21:03:03.0714 2692 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:03:03.0714 2692 VgaSave - ok
21:03:03.0746 2692 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:03:03.0746 2692 vhdmp - ok
21:03:03.0761 2692 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:03:03.0761 2692 viaide - ok
21:03:03.0777 2692 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:03:03.0777 2692 volmgr - ok
21:03:03.0808 2692 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:03:03.0808 2692 volmgrx - ok
21:03:03.0839 2692 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:03:03.0839 2692 volsnap - ok
21:03:03.0870 2692 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:03:03.0870 2692 vsmraid - ok
21:03:03.0886 2692 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:03:03.0886 2692 vwifibus - ok
21:03:03.0948 2692 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:03:03.0948 2692 vwififlt - ok
21:03:03.0964 2692 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:03:03.0964 2692 WacomPen - ok
21:03:03.0980 2692 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:03:03.0995 2692 WANARP - ok
21:03:03.0995 2692 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:03:03.0995 2692 Wanarpv6 - ok
21:03:04.0026 2692 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:03:04.0026 2692 Wd - ok
21:03:04.0073 2692 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:03:04.0089 2692 Wdf01000 - ok
21:03:04.0136 2692 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:03:04.0136 2692 WfpLwf - ok
21:03:04.0167 2692 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:03:04.0167 2692 WIMMount - ok
21:03:04.0214 2692 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
21:03:04.0229 2692 winachsf - ok
21:03:04.0323 2692 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:03:04.0323 2692 WmiAcpi - ok
21:03:04.0354 2692 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:03:04.0354 2692 ws2ifsl - ok
21:03:04.0385 2692 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:03:04.0385 2692 WudfPf - ok
21:03:04.0416 2692 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
21:03:04.0432 2692 XAudio - ok
21:03:04.0479 2692 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:03:04.0541 2692 \Device\Harddisk0\DR0 - ok
21:03:04.0541 2692 Boot (0x1200) (30d899baf0d2c1955058e906115232d6) \Device\Harddisk0\DR0\Partition0
21:03:04.0557 2692 \Device\Harddisk0\DR0\Partition0 - ok
21:03:04.0572 2692 Boot (0x1200) (5c761d17e7462c1d8bda84ba6fc155db) \Device\Harddisk0\DR0\Partition1
21:03:04.0572 2692 \Device\Harddisk0\DR0\Partition1 - ok
21:03:04.0572 2692 ============================================================
21:03:04.0572 2692 Scan finished
21:03:04.0572 2692 ============================================================
21:03:04.0604 0500 Detected object count: 0
21:03:04.0604 0500 Actual detected object count: 0
21:03:23.0370 4836 Deinitialize success


Combofix-

ComboFix 12-02-05.02 - Andrew 02/05/2012 21:22:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1839 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\kwrd.dll
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\Temp\_ex-68.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 02:32 . 2012-02-06 02:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 23:10 . 2012-02-06 00:35 -------- d-----w- c:\program files\McAfee
2012-02-05 23:10 . 2012-02-06 00:47 -------- d-----w- c:\program files (x86)\McAfee
2012-02-05 23:02 . 2012-02-05 23:12 -------- d-----w- c:\programdata\McAfee
2012-01-25 03:49 . 2012-02-06 00:52 -------- d-----w- c:\users\Andrew\AppData\Roaming\AF644
2012-01-25 03:48 . 2012-02-06 00:53 -------- d-----w- c:\users\Andrew\AppData\Roaming\424AF
2012-01-21 09:49 . 2012-01-21 09:49 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing
2012-01-18 01:37 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1812F503-EF29-4030-A693-4DC2886BC316}\mpengine.dll
2012-01-12 01:28 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 01:28 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 01:28 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 01:28 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 01:28 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 01:28 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 01:28 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 01:28 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 22:25 . 2011-03-13 15:45 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-11-24 05:00 . 2011-12-16 03:29 3141632 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-09-24 244480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-07-28 1507448]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-09-24 62720]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 18:39]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 18:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-09-30 823840]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-10-01 621440]
"combofix"="c:\combofix\CF18581.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
imagesrv
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv73&r=27361210l525l0414z1h5a4712x388
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58263
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-TVPlanet - (no file)
Wow6432Node-HKCU-Run-RadioPlanet - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-02-05 21:41:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 02:41
.
Pre-Run: 247,329,185,792 bytes free
Post-Run: 248,447,463,424 bytes free
.
- - End Of File - - 89FF7E4EAA4589680B331B331928921B


ListParts Results-

ListParts by Farbar
Ran by Andrew on 05-02-2012 at 21:43:09
Windows 7 (X64)
Running From: C:\Users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F03C6R61
************************************************************

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 2812.2 MB
Available physical RAM: 1728.93 MB
Total Pagefile: 5622.55 MB
Available Pagefile: 4282.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:284.99 GB) (Free:231.46 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 284 GB 13 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 PQSERVICE NTFS Partition 13 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 284 GB Healthy Boot



****** End Of Log ******


Everything was working fine but now it's doing this "Startup Repair" thing and won't load correctly!

Edited by sharondelray, 06 February 2012 - 07:11 PM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:34 PM

Posted 08 February 2012 - 03:06 PM

How is the machine running? Still loading up?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 sharondelray

sharondelray
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 09 February 2012 - 01:41 AM

Only sometimes. Most times Start-Up repair will do its thing.

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:34 PM

Posted 09 February 2012 - 01:46 AM

Hello,

Do you have a Windows 7 Installation disc?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 sharondelray

sharondelray
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:34 PM

Posted 09 February 2012 - 05:56 PM

I don't anymore unfortunately.

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:34 PM

Posted 09 February 2012 - 08:10 PM

Hello,

Is the system starting up ok or still having problems?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:34 PM

Posted 12 February 2012 - 11:47 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:01:34 PM

Posted 14 February 2012 - 10:34 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users