Jump to content

Google Redirects, WiFi Disabled and Attempt to Connect to Random IP


elx
 Share

Recommended Posts

I've been having several issues with my PC lately, even after attempting to restore my system from a clean set of recovery media from Gateway.

1) Any links from a google search get redirected to random websites.

2) I have been unable to get my computer to recognize my wireless adapter, even after grabbing updated drivers.

3) Since the last restore attempt, Malwarebytes has picked up one attempt to connect to a random IP address:

15:58:34 elx MESSAGE Protection started successfully

15:58:38 elx MESSAGE IP Protection started successfully

16:23:55 elx IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 50554, Process: iexplore.exe)

4) Although it hasn't popped up since the last restore, Internet Explorer processes were randomly starting on their own in the past, even though no IE window was accessible.

Malewarebytes, Spybot and Norton are all coming up clean when scans are run. Logs below:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8211

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/22/2011 12:18:57 PM

mbam-log-2011-11-22 (12-18-57).txt

Scan type: Quick scan

Objects scanned: 172360

Time elapsed: 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by elx at 12:21:48 on 2011-11-22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6057 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\elx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BESTBU~1.LNK - C:\Program Files (x86)\Best Buy Software Installer\Best Buy Software Installer.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0DBE69A3-F53C-486B-BD0F-46735CED41F9} : DhcpNameServer = 192.168.0.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111119.031\IDSviA64.sys [2011-11-21 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2011-11-21 126392]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-21 243232]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2010-4-21 76320]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-21 138360]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\drivers\NISx64\1101000.013\SYMTDIV.SYS --> C:\Windows\system32\drivers\NISx64\1101000.013\SYMTDIV.SYS [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-21 366152]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-21 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-21 79360]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-21 332272]

.

=============== Created Last 30 ================

.

2011-11-22 03:05:40 615040 ----a-w- C:\Windows\System32\drivers\NISx64\1107000.00C\cchpx64.sys

2011-11-22 03:05:40 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1107000.00C\srtsp64.sys

2011-11-22 03:05:40 451120 ----a-w- C:\Windows\System32\drivers\NISx64\1107000.00C\symtdiv.sys

2011-11-22 03:05:40 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1107000.00C\symds64.sys

2011-11-22 03:05:40 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1107000.00C\srtspx64.sys

2011-11-22 03:05:40 221232 ----a-w- C:\Windows\System32\drivers\NISx64\1107000.00C\symefa64.sys

2011-11-22 03:05:40 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1107000.00C\ironx64.sys

2011-11-22 03:05:32 -------- d-----w- C:\Windows\System32\drivers\NISx64\1107000.00C

2011-11-22 02:50:37 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-11-22 02:50:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-11-22 02:50:37 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-11-22 02:50:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-11-21 22:46:33 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-21 22:45:43 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd

2011-11-21 22:41:11 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-21 22:40:31 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-21 22:40:12 -------- d-----w- C:\Program Files\ATI

2011-11-21 22:40:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-11-21 21:25:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-11-21 21:15:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-21 21:15:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-21 20:58:11 -------- d-----w- C:\Users\elx\AppData\Roaming\Malwarebytes

2011-11-21 20:58:02 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-21 20:57:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-21 20:34:05 -------- d-----w- C:\ProgramData\Ralink Driver

2011-11-21 20:33:49 -------- d-----w- C:\Users\elx\AppData\Local\CrashDumps

2011-11-21 20:31:52 -------- d-----w- C:\Users\elx\AppData\Local\Google

2011-11-21 20:18:12 -------- d-----w- C:\Users\elx\AppData\Local\ElevatedDiagnostics

2011-11-21 20:14:54 -------- d-----w- C:\Users\elx\AppData\Local\Best_Buy®

2011-11-21 20:08:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-11-21 20:01:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-11-21 20:01:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-11-21 20:01:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-11-21 20:00:34 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-11-21 20:00:17 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2011-11-21 19:59:46 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\DSETUP.dll

2011-11-21 19:59:46 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\DXSETUP.exe

2011-11-21 19:59:46 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\dsetup32.dll

2011-11-21 19:59:31 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2348.tmp

2011-11-21 19:59:27 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-11-21 19:58:05 -------- d-----w- C:\ProgramData\Best Buy Software Installer

2011-11-21 19:58:05 -------- d-----w- C:\Program Files\Best Buy Software Installer

2011-11-21 19:58:04 -------- dc-h--w- C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}

2011-11-21 19:58:03 -------- d-----w- C:\Users\elx\AppData\Local\PackageAware

2011-11-21 19:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink

2011-11-21 19:56:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-11-21 19:56:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-11-21 19:56:12 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-11-21 19:53:52 -------- d-----w- C:\Program Files\Creative

2011-11-21 19:53:27 -------- d-----w- C:\Program Files (x86)\Creative

2011-11-21 19:53:23 -------- d-----w- C:\Users\elx\AppData\Local\Diagnostics

2011-11-21 19:53:16 -------- d-----w- C:\Users\elx\AppData\Local\ATI

2011-11-21 19:51:54 -------- d-----w- C:\Users\elx\AppData\Local\VirtualStore

.

==================== Find3M ====================

.

2011-11-21 19:54:37 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-11-21 19:54:37 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-11-21 19:54:37 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-11-21 19:54:37 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-11-21 19:52:43 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

.

============= FINISH: 12:29:41.39 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/21/2011 2:49:10 PM

System Uptime: 11/21/2011 9:51:54 PM (15 hours ago)

.

Motherboard: Gateway | | FX6840

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 1176/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 916 GiB total, 881.974 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&DAE4155&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&DAE4155&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP1: 11/21/2011 2:53:07 PM - Installed THX TruStudio PC

RP2: 11/21/2011 2:55:58 PM - Installed PowerDVD

RP3: 11/21/2011 3:01:12 PM - Installed DirectX

RP4: 11/21/2011 3:33:55 PM - Installed Ralink RT2860 Wireless LAN Card

RP5: 11/21/2011 9:50:38 PM - Windows Update

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1 MUI

Advertising Center

AMD DnD V1.0.19

Backup Manager Advance

Best Buy Software Installer

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Choice Guard

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 9

Gateway InfoCentre

Gateway MyBackup

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

ImagXpress

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSVCRT

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Norton Internet Security

Photo Frame

Ralink RT2860 Wireless LAN Card

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Spybot - Search & Destroy

System Requirements Lab CYRI

THX TruStudio PC

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Word 2007 (KB974631)

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

11/21/2011 9:54:31 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

11/21/2011 9:54:31 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

11/21/2011 5:38:50 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

11/21/2011 3:30:04 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.101 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

Link to post
Share on other sites

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).

2. Execute the file TDSSKiller.exe.

3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).

4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Link to post
Share on other sites

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).

2. Execute the file TDSSKiller.exe.

3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).

4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

19:43:38.0917 4208 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

19:43:40.0665 4208 ============================================================

19:43:40.0665 4208 Current date / time: 2011/11/24 19:43:40.0665

19:43:40.0665 4208 SystemInfo:

19:43:40.0665 4208

19:43:40.0665 4208 OS Version: 6.1.7600 ServicePack: 0.0

19:43:40.0665 4208 Product type: Workstation

19:43:40.0665 4208 ComputerName: ELX-PC

19:43:40.0665 4208 UserName: elx

19:43:40.0665 4208 Windows directory: C:\Windows

19:43:40.0665 4208 System windows directory: C:\Windows

19:43:40.0665 4208 Running under WOW64

19:43:40.0665 4208 Processor architecture: Intel x64

19:43:40.0665 4208 Number of processors: 8

19:43:40.0665 4208 Page size: 0x1000

19:43:40.0665 4208 Boot type: Normal boot

19:43:40.0665 4208 ============================================================

19:43:41.0133 4208 Initialize success

19:43:46.0639 5280 ============================================================

19:43:46.0639 5280 Scan started

19:43:46.0639 5280 Mode: Manual;

19:43:46.0639 5280 ============================================================

19:43:47.0107 5280 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

19:43:47.0107 5280 1394ohci - ok

19:43:47.0139 5280 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

19:43:47.0139 5280 ACPI - ok

19:43:47.0154 5280 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

19:43:47.0154 5280 AcpiPmi - ok

19:43:47.0170 5280 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:43:47.0185 5280 adp94xx - ok

19:43:47.0185 5280 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:43:47.0201 5280 adpahci - ok

19:43:47.0201 5280 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:43:47.0201 5280 adpu320 - ok

19:43:47.0263 5280 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

19:43:47.0263 5280 AFD - ok

19:43:47.0279 5280 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

19:43:47.0279 5280 agp440 - ok

19:43:47.0295 5280 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

19:43:47.0295 5280 aliide - ok

19:43:47.0326 5280 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

19:43:47.0326 5280 amdide - ok

19:43:47.0341 5280 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:43:47.0341 5280 AmdK8 - ok

19:43:47.0466 5280 amdkmdag (9673319070166e26660eba4edf316fa2) C:\Windows\system32\DRIVERS\atipmdag.sys

19:43:47.0497 5280 amdkmdag - ok

19:43:47.0529 5280 amdkmdap (430d06d63952848e64cbbf23b5c1479e) C:\Windows\system32\DRIVERS\atikmpag.sys

19:43:47.0529 5280 amdkmdap - ok

19:43:47.0544 5280 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:43:47.0544 5280 AmdPPM - ok

19:43:47.0560 5280 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

19:43:47.0560 5280 amdsata - ok

19:43:47.0575 5280 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:43:47.0575 5280 amdsbs - ok

19:43:47.0575 5280 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

19:43:47.0575 5280 amdxata - ok

19:43:47.0607 5280 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:43:47.0622 5280 AppID - ok

19:43:47.0638 5280 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:43:47.0638 5280 arc - ok

19:43:47.0653 5280 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:43:47.0669 5280 arcsas - ok

19:43:47.0685 5280 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:43:47.0685 5280 AsyncMac - ok

19:43:47.0731 5280 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

19:43:47.0731 5280 atapi - ok

19:43:47.0763 5280 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys

19:43:47.0763 5280 AtiHdmiService - ok

19:43:47.0794 5280 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:43:47.0809 5280 b06bdrv - ok

19:43:47.0825 5280 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:43:47.0825 5280 b57nd60a - ok

19:43:47.0856 5280 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:43:47.0887 5280 Beep - ok

19:43:47.0997 5280 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20111114.002\BHDrvx64.sys

19:43:47.0997 5280 BHDrvx64 - ok

19:43:48.0028 5280 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:43:48.0028 5280 blbdrive - ok

19:43:48.0059 5280 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

19:43:48.0059 5280 bowser - ok

19:43:48.0075 5280 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:43:48.0075 5280 BrFiltLo - ok

19:43:48.0090 5280 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:43:48.0090 5280 BrFiltUp - ok

19:43:48.0106 5280 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:43:48.0106 5280 Brserid - ok

19:43:48.0121 5280 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:43:48.0121 5280 BrSerWdm - ok

19:43:48.0137 5280 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:43:48.0137 5280 BrUsbMdm - ok

19:43:48.0153 5280 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:43:48.0153 5280 BrUsbSer - ok

19:43:48.0168 5280 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:43:48.0168 5280 BTHMODEM - ok

19:43:48.0231 5280 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\NISx64\1107000.00C\ccHPx64.sys

19:43:48.0231 5280 ccHP - ok

19:43:48.0262 5280 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:43:48.0262 5280 cdfs - ok

19:43:48.0262 5280 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:43:48.0277 5280 cdrom - ok

19:43:48.0293 5280 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:43:48.0293 5280 circlass - ok

19:43:48.0340 5280 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:43:48.0340 5280 CLFS - ok

19:43:48.0355 5280 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:43:48.0355 5280 CmBatt - ok

19:43:48.0371 5280 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

19:43:48.0371 5280 cmdide - ok

19:43:48.0387 5280 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

19:43:48.0387 5280 CNG - ok

19:43:48.0402 5280 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:43:48.0402 5280 Compbatt - ok

19:43:48.0418 5280 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:43:48.0418 5280 CompositeBus - ok

19:43:48.0433 5280 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:43:48.0433 5280 crcdisk - ok

19:43:48.0480 5280 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

19:43:48.0480 5280 DfsC - ok

19:43:48.0496 5280 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:43:48.0496 5280 discache - ok

19:43:48.0511 5280 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:43:48.0511 5280 Disk - ok

19:43:48.0527 5280 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:43:48.0527 5280 drmkaud - ok

19:43:48.0574 5280 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

19:43:48.0574 5280 DXGKrnl - ok

19:43:48.0652 5280 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:43:48.0667 5280 ebdrv - ok

19:43:48.0714 5280 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

19:43:48.0730 5280 eeCtrl - ok

19:43:48.0761 5280 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:43:48.0761 5280 elxstor - ok

19:43:48.0808 5280 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

19:43:48.0808 5280 EraserUtilRebootDrv - ok

19:43:48.0823 5280 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

19:43:48.0823 5280 ErrDev - ok

19:43:48.0855 5280 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:43:48.0886 5280 exfat - ok

19:43:48.0901 5280 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:43:48.0964 5280 fastfat - ok

19:43:48.0979 5280 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:43:48.0979 5280 fdc - ok

19:43:48.0995 5280 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:43:48.0995 5280 FileInfo - ok

19:43:49.0011 5280 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:43:49.0011 5280 Filetrace - ok

19:43:49.0011 5280 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:43:49.0011 5280 flpydisk - ok

19:43:49.0026 5280 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:43:49.0026 5280 FltMgr - ok

19:43:49.0042 5280 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:43:49.0042 5280 FsDepends - ok

19:43:49.0057 5280 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:43:49.0073 5280 Fs_Rec - ok

19:43:49.0104 5280 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:43:49.0104 5280 fvevol - ok

19:43:49.0135 5280 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:43:49.0135 5280 gagp30kx - ok

19:43:49.0182 5280 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:43:49.0182 5280 hcw85cir - ok

19:43:49.0213 5280 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

19:43:49.0229 5280 HdAudAddService - ok

19:43:49.0229 5280 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:43:49.0229 5280 HDAudBus - ok

19:43:49.0245 5280 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:43:49.0245 5280 HidBatt - ok

19:43:49.0260 5280 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:43:49.0260 5280 HidBth - ok

19:43:49.0276 5280 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:43:49.0276 5280 HidIr - ok

19:43:49.0291 5280 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

19:43:49.0291 5280 HidUsb - ok

19:43:49.0307 5280 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:43:49.0307 5280 HpSAMD - ok

19:43:49.0354 5280 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:43:49.0354 5280 HTTP - ok

19:43:49.0369 5280 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:43:49.0369 5280 hwpolicy - ok

19:43:49.0385 5280 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:43:49.0401 5280 i8042prt - ok

19:43:49.0432 5280 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys

19:43:49.0432 5280 iaStor - ok

19:43:49.0447 5280 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

19:43:49.0463 5280 iaStorV - ok

19:43:49.0525 5280 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111124.030\IDSvia64.sys

19:43:49.0541 5280 IDSVia64 - ok

19:43:49.0557 5280 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:43:49.0557 5280 iirsp - ok

19:43:49.0619 5280 IntcAzAudAddService (2e3b99e8c23be2bf32ebe1db5261f275) C:\Windows\system32\drivers\RTKVHD64.sys

19:43:49.0635 5280 IntcAzAudAddService - ok

19:43:49.0650 5280 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

19:43:49.0650 5280 intelide - ok

19:43:49.0666 5280 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:43:49.0666 5280 intelppm - ok

19:43:49.0681 5280 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:43:49.0681 5280 IpFilterDriver - ok

19:43:49.0697 5280 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:43:49.0697 5280 IPMIDRV - ok

19:43:49.0697 5280 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:43:49.0697 5280 IPNAT - ok

19:43:49.0713 5280 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:43:49.0713 5280 IRENUM - ok

19:43:49.0728 5280 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

19:43:49.0728 5280 isapnp - ok

19:43:49.0744 5280 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

19:43:49.0744 5280 iScsiPrt - ok

19:43:49.0759 5280 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:43:49.0759 5280 kbdclass - ok

19:43:49.0775 5280 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

19:43:49.0775 5280 kbdhid - ok

19:43:49.0791 5280 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

19:43:49.0791 5280 KSecDD - ok

19:43:49.0822 5280 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

19:43:49.0822 5280 KSecPkg - ok

19:43:49.0837 5280 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:43:49.0837 5280 ksthunk - ok

19:43:49.0884 5280 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:43:49.0900 5280 lltdio - ok

19:43:49.0915 5280 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:43:49.0915 5280 LSI_FC - ok

19:43:49.0931 5280 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:43:49.0931 5280 LSI_SAS - ok

19:43:49.0947 5280 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:43:49.0947 5280 LSI_SAS2 - ok

19:43:49.0962 5280 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:43:49.0962 5280 LSI_SCSI - ok

19:43:49.0993 5280 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:43:49.0993 5280 luafv - ok

19:43:50.0009 5280 MBAMProtector - ok

19:43:50.0040 5280 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys

19:43:50.0040 5280 MBfilt - ok

19:43:50.0056 5280 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:43:50.0056 5280 megasas - ok

19:43:50.0087 5280 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:43:50.0087 5280 MegaSR - ok

19:43:50.0103 5280 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:43:50.0103 5280 Modem - ok

19:43:50.0103 5280 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:43:50.0103 5280 monitor - ok

19:43:50.0134 5280 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:43:50.0134 5280 mouclass - ok

19:43:50.0134 5280 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:43:50.0134 5280 mouhid - ok

19:43:50.0149 5280 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:43:50.0149 5280 mountmgr - ok

19:43:50.0165 5280 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

19:43:50.0165 5280 mpio - ok

19:43:50.0181 5280 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:43:50.0181 5280 mpsdrv - ok

19:43:50.0212 5280 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:43:50.0212 5280 MRxDAV - ok

19:43:50.0243 5280 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:43:50.0243 5280 mrxsmb - ok

19:43:50.0274 5280 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:43:50.0274 5280 mrxsmb10 - ok

19:43:50.0290 5280 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:43:50.0290 5280 mrxsmb20 - ok

19:43:50.0305 5280 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

19:43:50.0305 5280 msahci - ok

19:43:50.0321 5280 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

19:43:50.0321 5280 msdsm - ok

19:43:50.0352 5280 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:43:50.0352 5280 Msfs - ok

19:43:50.0383 5280 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:43:50.0383 5280 mshidkmdf - ok

19:43:50.0399 5280 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

19:43:50.0399 5280 msisadrv - ok

19:43:50.0430 5280 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:43:50.0430 5280 MSKSSRV - ok

19:43:50.0446 5280 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:43:50.0446 5280 MSPCLOCK - ok

19:43:50.0446 5280 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:43:50.0446 5280 MSPQM - ok

19:43:50.0477 5280 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:43:50.0477 5280 MsRPC - ok

19:43:50.0508 5280 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

19:43:50.0508 5280 mssmbios - ok

19:43:50.0524 5280 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:43:50.0524 5280 MSTEE - ok

19:43:50.0539 5280 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:43:50.0539 5280 MTConfig - ok

19:43:50.0539 5280 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:43:50.0539 5280 Mup - ok

19:43:50.0586 5280 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:43:50.0586 5280 NativeWifiP - ok

19:43:50.0680 5280 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20111124.020\ENG64.SYS

19:43:50.0711 5280 NAVENG - ok

19:43:50.0742 5280 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20111124.020\EX64.SYS

19:43:50.0773 5280 NAVEX15 - ok

19:43:50.0805 5280 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:43:50.0805 5280 NDIS - ok

19:43:50.0820 5280 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:43:50.0820 5280 NdisCap - ok

19:43:50.0851 5280 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:43:50.0851 5280 NdisTapi - ok

19:43:50.0867 5280 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:43:50.0867 5280 Ndisuio - ok

19:43:50.0883 5280 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:43:50.0883 5280 NdisWan - ok

19:43:50.0914 5280 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:43:50.0961 5280 NDProxy - ok

19:43:50.0961 5280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:43:50.0976 5280 NetBIOS - ok

19:43:50.0976 5280 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:43:50.0976 5280 NetBT - ok

19:43:51.0023 5280 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:43:51.0023 5280 nfrd960 - ok

19:43:51.0039 5280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:43:51.0054 5280 Npfs - ok

19:43:51.0070 5280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:43:51.0070 5280 nsiproxy - ok

19:43:51.0101 5280 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

19:43:51.0117 5280 Ntfs - ok

19:43:51.0148 5280 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

19:43:51.0148 5280 NTIDrvr - ok

19:43:51.0163 5280 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:43:51.0163 5280 Null - ok

19:43:51.0179 5280 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

19:43:51.0179 5280 nvraid - ok

19:43:51.0195 5280 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

19:43:51.0195 5280 nvstor - ok

19:43:51.0210 5280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

19:43:51.0210 5280 nv_agp - ok

19:43:51.0226 5280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

19:43:51.0226 5280 ohci1394 - ok

19:43:51.0257 5280 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:43:51.0257 5280 Parport - ok

19:43:51.0273 5280 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:43:51.0273 5280 partmgr - ok

19:43:51.0288 5280 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

19:43:51.0288 5280 pci - ok

19:43:51.0304 5280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

19:43:51.0304 5280 pciide - ok

19:43:51.0319 5280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:43:51.0319 5280 pcmcia - ok

19:43:51.0319 5280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:43:51.0319 5280 pcw - ok

19:43:51.0335 5280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:43:51.0335 5280 PEAUTH - ok

19:43:51.0382 5280 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:43:51.0382 5280 PptpMiniport - ok

19:43:51.0382 5280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:43:51.0397 5280 Processor - ok

19:43:51.0413 5280 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:43:51.0429 5280 Psched - ok

19:43:51.0475 5280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:43:51.0491 5280 ql2300 - ok

19:43:51.0491 5280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:43:51.0491 5280 ql40xx - ok

19:43:51.0507 5280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:43:51.0507 5280 QWAVEdrv - ok

19:43:51.0507 5280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:43:51.0522 5280 RasAcd - ok

19:43:51.0538 5280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:43:51.0538 5280 RasAgileVpn - ok

19:43:51.0553 5280 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:43:51.0553 5280 Rasl2tp - ok

19:43:51.0569 5280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:43:51.0569 5280 RasPppoe - ok

19:43:51.0569 5280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:43:51.0569 5280 RasSstp - ok

19:43:51.0585 5280 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:43:51.0585 5280 rdbss - ok

19:43:51.0600 5280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:43:51.0600 5280 rdpbus - ok

19:43:51.0600 5280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:43:51.0600 5280 RDPCDD - ok

19:43:51.0616 5280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:43:51.0616 5280 RDPENCDD - ok

19:43:51.0631 5280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:43:51.0631 5280 RDPREFMP - ok

19:43:51.0647 5280 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:43:51.0694 5280 RDPWD - ok

19:43:51.0709 5280 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

19:43:51.0709 5280 rdyboost - ok

19:43:51.0756 5280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:43:51.0756 5280 rspndr - ok

19:43:51.0787 5280 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:43:51.0787 5280 RTL8167 - ok

19:43:51.0819 5280 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

19:43:51.0819 5280 sbp2port - ok

19:43:51.0850 5280 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:43:51.0850 5280 scfilter - ok

19:43:51.0865 5280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:43:51.0881 5280 secdrv - ok

19:43:51.0897 5280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:43:51.0897 5280 Serenum - ok

19:43:51.0912 5280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:43:51.0912 5280 Serial - ok

19:43:51.0928 5280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:43:51.0928 5280 sermouse - ok

19:43:51.0943 5280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

19:43:51.0943 5280 sffdisk - ok

19:43:51.0943 5280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:43:51.0959 5280 sffp_mmc - ok

19:43:51.0959 5280 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:43:51.0959 5280 sffp_sd - ok

19:43:51.0975 5280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:43:51.0975 5280 sfloppy - ok

19:43:51.0975 5280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:43:51.0975 5280 SiSRaid2 - ok

19:43:51.0990 5280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:43:51.0990 5280 SiSRaid4 - ok

19:43:52.0006 5280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:43:52.0006 5280 Smb - ok

19:43:52.0021 5280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:43:52.0037 5280 spldr - ok

19:43:52.0068 5280 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1107000.00C\SRTSP64.SYS

19:43:52.0084 5280 SRTSP - ok

19:43:52.0099 5280 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1107000.00C\SRTSPX64.SYS

19:43:52.0099 5280 SRTSPX - ok

19:43:52.0131 5280 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

19:43:52.0131 5280 srv - ok

19:43:52.0162 5280 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

19:43:52.0162 5280 srv2 - ok

19:43:52.0177 5280 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

19:43:52.0193 5280 srvnet - ok

19:43:52.0224 5280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:43:52.0224 5280 stexstor - ok

19:43:52.0271 5280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

19:43:52.0271 5280 swenum - ok

19:43:52.0302 5280 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1107000.00C\SYMDS64.SYS

19:43:52.0318 5280 SymDS - ok

19:43:52.0349 5280 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\NISx64\1107000.00C\SYMEFA64.SYS

19:43:52.0349 5280 SymEFA - ok

19:43:52.0380 5280 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

19:43:52.0396 5280 SymEvent - ok

19:43:52.0411 5280 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1107000.00C\Ironx64.SYS

19:43:52.0411 5280 SymIRON - ok

19:43:52.0443 5280 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\NISx64\1107000.00C\SYMTDIV.SYS

19:43:52.0458 5280 SYMTDIv - ok

19:43:52.0521 5280 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

19:43:52.0536 5280 Tcpip - ok

19:43:52.0583 5280 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

19:43:52.0599 5280 TCPIP6 - ok

19:43:52.0630 5280 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

19:43:52.0630 5280 tcpipreg - ok

19:43:52.0630 5280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:43:52.0645 5280 TDPIPE - ok

19:43:52.0645 5280 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

19:43:52.0645 5280 TDTCP - ok

19:43:52.0677 5280 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

19:43:52.0677 5280 tdx - ok

19:43:52.0692 5280 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

19:43:52.0692 5280 TermDD - ok

19:43:52.0723 5280 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:43:52.0723 5280 tssecsrv - ok

19:43:52.0739 5280 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

19:43:52.0739 5280 tunnel - ok

19:43:52.0755 5280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:43:52.0755 5280 uagp35 - ok

19:43:52.0770 5280 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

19:43:52.0770 5280 UBHelper - ok

19:43:52.0786 5280 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

19:43:52.0801 5280 udfs - ok

19:43:52.0817 5280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

19:43:52.0817 5280 uliagpkx - ok

19:43:52.0833 5280 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

19:43:52.0833 5280 umbus - ok

19:43:52.0848 5280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:43:52.0848 5280 UmPass - ok

19:43:52.0864 5280 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

19:43:52.0864 5280 usbccgp - ok

19:43:52.0895 5280 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

19:43:52.0895 5280 usbcir - ok

19:43:52.0911 5280 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

19:43:52.0911 5280 usbehci - ok

19:43:52.0926 5280 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

19:43:52.0926 5280 usbhub - ok

19:43:52.0942 5280 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

19:43:52.0942 5280 usbohci - ok

19:43:52.0942 5280 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:43:52.0942 5280 usbprint - ok

19:43:52.0957 5280 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:43:52.0957 5280 USBSTOR - ok

19:43:52.0973 5280 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

19:43:52.0973 5280 usbuhci - ok

19:43:52.0989 5280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

19:43:52.0989 5280 vdrvroot - ok

19:43:53.0004 5280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:43:53.0004 5280 vga - ok

19:43:53.0004 5280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:43:53.0020 5280 VgaSave - ok

19:43:53.0035 5280 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

19:43:53.0035 5280 vhdmp - ok

19:43:53.0051 5280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

19:43:53.0051 5280 viaide - ok

19:43:53.0067 5280 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

19:43:53.0067 5280 volmgr - ok

19:43:53.0082 5280 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

19:43:53.0082 5280 volmgrx - ok

19:43:53.0098 5280 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

19:43:53.0098 5280 volsnap - ok

19:43:53.0113 5280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:43:53.0113 5280 vsmraid - ok

19:43:53.0113 5280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

19:43:53.0113 5280 vwifibus - ok

19:43:53.0145 5280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:43:53.0145 5280 WacomPen - ok

19:43:53.0160 5280 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:43:53.0160 5280 WANARP - ok

19:43:53.0160 5280 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:43:53.0160 5280 Wanarpv6 - ok

19:43:53.0191 5280 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:43:53.0191 5280 Wd - ok

19:43:53.0223 5280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:43:53.0238 5280 Wdf01000 - ok

19:43:53.0269 5280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:43:53.0269 5280 WfpLwf - ok

19:43:53.0285 5280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:43:53.0285 5280 WIMMount - ok

19:43:53.0316 5280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:43:53.0316 5280 WmiAcpi - ok

19:43:53.0332 5280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:43:53.0332 5280 ws2ifsl - ok

19:43:53.0347 5280 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

19:43:53.0347 5280 WudfPf - ok

19:43:53.0363 5280 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:43:53.0363 5280 WUDFRd - ok

19:43:53.0379 5280 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:43:53.0394 5280 \Device\Harddisk0\DR0 - ok

19:43:53.0394 5280 Boot (0x1200) (f9040fa587ab174cd1eeba94e3b7e94d) \Device\Harddisk0\DR0\Partition0

19:43:53.0394 5280 \Device\Harddisk0\DR0\Partition0 - ok

19:43:53.0410 5280 Boot (0x1200) (ee047638d1f663ba6f34e212e60718a4) \Device\Harddisk0\DR0\Partition1

19:43:53.0410 5280 \Device\Harddisk0\DR0\Partition1 - ok

19:43:53.0410 5280 ============================================================

19:43:53.0410 5280 Scan finished

19:43:53.0410 5280 ============================================================

19:43:53.0425 4892 Detected object count: 0

19:43:53.0425 4892 Actual detected object count: 0

Link to post
Share on other sites

Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Link to post
Share on other sites

ComboFix 11-11-25.01 - elx 11/25/2011 1:23.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6700 [GMT -5:00]

Running from: c:\users\elx\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))

.

.

2011-11-25 06:49 . 2011-11-25 06:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-25 06:04 . 2011-11-25 06:08 -------- d-----w- c:\windows\system32\drivers\NISx64\1108000.005

2011-11-24 08:00 . 2011-11-24 08:00 -------- d-----w- c:\program files (x86)\MSXML 4.0

2011-11-23 08:44 . 2011-11-23 08:44 -------- d-----w- c:\windows\SysWow64\Wat

2011-11-23 08:44 . 2011-11-23 08:44 -------- d-----w- c:\windows\system32\Wat

2011-11-23 08:22 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-11-23 08:22 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-11-23 08:08 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-11-23 08:08 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-11-23 08:08 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-11-23 08:08 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-11-23 08:08 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-11-23 08:08 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-11-23 08:08 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-11-23 08:08 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-11-23 08:08 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-11-23 08:08 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-11-23 08:05 . 2011-11-23 08:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-11-23 08:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2011-11-22 17:24 . 2010-12-21 06:13 2003968 ----a-w- c:\windows\system32\msxml6.dll

2011-11-22 17:23 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll

2011-11-22 02:50 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2011-11-22 02:50 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2011-11-22 02:50 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

2011-11-22 02:50 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2011-11-21 22:46 . 2011-11-21 22:46 0 ----a-w- c:\windows\ativpsrm.bin

2011-11-21 22:45 . 2011-11-21 22:45 3 ----a-w- c:\windows\system32\PLD_Framework.cmd

2011-11-21 22:41 . 2011-11-21 22:41 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2011-11-21 22:40 . 2011-11-21 22:40 -------- d-----w- c:\program files\Common Files\ATI Technologies

2011-11-21 22:40 . 2011-11-21 22:40 -------- d-----w- c:\program files\ATI

2011-11-21 22:40 . 2011-11-21 22:40 -------- d-----w- c:\program files (x86)\ATI Technologies

2011-11-21 21:25 . 2011-11-21 21:25 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2011-11-21 21:15 . 2011-11-22 02:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-11-21 21:15 . 2011-11-21 21:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-11-21 20:58 . 2011-11-21 20:58 -------- d-----w- c:\programdata\Malwarebytes

2011-11-21 20:57 . 2011-11-21 20:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-21 20:34 . 2011-11-21 20:34 -------- d-----w- c:\programdata\Ralink Driver

2011-11-21 20:08 . 2011-11-21 20:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2011-11-21 20:01 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-11-21 20:01 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2011-11-21 20:01 . 2011-11-21 20:01 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-11-21 20:00 . 2011-11-21 20:00 -------- d-----w- c:\program files (x86)\Microsoft

2011-11-21 20:00 . 2011-11-21 20:00 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2011-11-21 20:00 . 2011-11-21 20:01 -------- d-----w- c:\program files (x86)\Windows Live

2011-11-21 19:59 . 2011-11-21 19:59 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2011-11-21 19:58 . 2011-11-21 20:14 -------- d-----w- c:\programdata\Best Buy Software Installer

2011-11-21 19:58 . 2011-11-21 19:58 -------- d-----w- c:\program files\Best Buy Software Installer

2011-11-21 19:58 . 2011-11-22 03:10 -------- dc-h--w- c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}

2011-11-21 19:57 . 2011-11-21 19:57 -------- d-----w- c:\program files (x86)\Common Files\CyberLink

2011-11-21 19:56 . 2011-11-21 19:57 -------- d-----w- c:\program files (x86)\CyberLink

2011-11-21 19:56 . 2011-11-21 19:55 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-11-21 19:56 . 2011-11-21 19:55 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2011-11-21 19:56 . 2011-11-21 19:55 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2011-11-21 19:53 . 2011-11-21 19:53 -------- d-----w- c:\program files\Creative

2011-11-21 19:53 . 2011-11-21 19:54 -------- d-----w- c:\program files (x86)\Creative

2011-11-21 19:53 . 2011-11-21 19:53 -------- d-----w- c:\programdata\ATI

2011-11-21 19:52 . 2011-11-21 19:52 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-11-21 19:52 . 2011-11-21 19:52 -------- d-----w- c:\program files\Symantec

2011-11-21 19:52 . 2011-11-21 19:52 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-11-21 19:49 . 2011-11-21 19:49 -------- d-----w- c:\users\Public\Symantec

2011-11-21 19:49 . 2011-11-21 19:52 -------- d-----w- c:\programdata\OEM

2011-11-21 19:49 . 2011-11-21 19:52 -------- d-----w- c:\users\elx

2011-11-21 19:49 . 2011-11-21 19:49 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-21 07:37 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-11-17 244480]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]

"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2010-01-22 1016320]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\elx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy Software Installer.lnk.disabled [2011-11-21 1074]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Photo Frame.lnk.disabled [2010-4-21 1111]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-21 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-21 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-21 332272]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-15 1156216]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111124.030\IDSvia64.sys [2011-11-18 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-21 138360]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:23]

.

2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 21:23]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-04-21 07:37 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2011-11-25 02:11:25 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-25 07:11

.

Pre-Run: 942,213,517,312 bytes free

Post-Run: 941,998,202,880 bytes free

.

- - End Of File - - 0A21EEE98FF9DABD4EB2C237C33EE90D

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/21/2011 2:49:10 PM

System Uptime: 11/25/2011 1:51:30 AM (1 hours ago)

.

Motherboard: Gateway | | FX6840

Processor: Intel® Core i7 CPU 860 @ 2.80GHz | CPU 1 | 2772/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 916 GiB total, 877.366 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&DAE4155&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&DAE4155&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP1: 11/21/2011 2:53:07 PM - Installed THX TruStudio PC

RP2: 11/21/2011 2:55:58 PM - Installed PowerDVD

RP3: 11/21/2011 3:01:12 PM - Installed DirectX

RP4: 11/21/2011 3:33:55 PM - Installed Ralink RT2860 Wireless LAN Card

RP5: 11/21/2011 9:50:38 PM - Windows Update

RP6: 11/23/2011 3:00:23 AM - Windows Update

RP7: 11/24/2011 3:00:11 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1 MUI

Advertising Center

AMD DnD V1.0.19

Backup Manager Advance

Best Buy Software Installer

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Choice Guard

Compatibility Pack for the 2007 Office system

CyberLink PowerDVD 9

Gateway InfoCentre

Gateway MyBackup

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

ImagXpress

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Norton Internet Security

Photo Frame

Ralink RT2860 Wireless LAN Card

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Spybot - Search & Destroy

System Requirements Lab CYRI

THX TruStudio PC

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

11/25/2011 1:54:17 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

11/25/2011 1:54:17 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

11/25/2011 1:52:51 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.

11/25/2011 1:50:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/25/2011 1:05:02 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

11/24/2011 7:40:55 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.106 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.

11/23/2011 3:49:00 AM, Error: Service Control Manager [7023] -

11/23/2011 3:46:42 AM, Error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:41 AM, Error: Service Control Manager [7034] - The NTI IScheduleSvc service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:33 AM, Error: Service Control Manager [7034] - The USBS3S4Detection service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:32 AM, Error: Service Control Manager [7034] - The Updater Service service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:46:31 AM, Error: Service Control Manager [7034] - The GRegService service terminated unexpectedly. It has done this 1 time(s).

11/23/2011 3:44:41 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

11/23/2011 3:18:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

11/23/2011 3:14:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).

11/23/2011 3:11:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB954430).

11/21/2011 5:38:50 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.

11/21/2011 3:30:04 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.101 with the system having network hardware address 16-DA-E9-08-46-87. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by elx at 2:12:35 on 2011-11-25

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6841 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=fx6840&r=17361111z316p0495v1i5k45i1r49n

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\elx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk.disabled

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Photo Frame.lnk.disabled

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0DBE69A3-F53C-486B-BD0F-46735CED41F9} : DhcpNameServer = 192.168.0.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20111114.002\BHDrvx64.sys [2011-11-14 1156216]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys --> C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111124.030\IDSviA64.sys [2011-11-24 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [2011-11-25 126392]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-11-17 255744]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-21 243232]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2010-4-21 76320]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-21 138360]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-21 366152]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-21 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-21 79360]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-21 135664]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-21 332272]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-25 06:16:11 98816 ----a-w- C:\Windows\sed.exe

2011-11-25 06:16:11 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-25 06:16:11 256000 ----a-w- C:\Windows\PEV.exe

2011-11-25 06:16:11 208896 ----a-w- C:\Windows\MBR.exe

2011-11-25 06:15:00 -------- d-----w- C:\ComboFix

2011-11-25 06:05:08 451120 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\symtdiv.sys

2011-11-25 06:05:07 505392 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\srtsp64.sys

2011-11-25 06:05:07 433200 ----a-r- C:\Windows\System32\drivers\NISx64\1108000.005\symds64.sys

2011-11-25 06:05:07 32304 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\srtspx64.sys

2011-11-25 06:05:07 221232 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\symefa64.sys

2011-11-25 06:05:06 615040 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\cchpx64.sys

2011-11-25 06:05:06 150064 ----a-w- C:\Windows\System32\drivers\NISx64\1108000.005\ironx64.sys

2011-11-25 06:04:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1108000.005

2011-11-24 08:00:38 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2011-11-23 08:44:42 -------- d-----w- C:\Windows\SysWow64\Wat

2011-11-23 08:44:41 -------- d-----w- C:\Windows\System32\Wat

2011-11-23 08:22:55 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2011-11-23 08:22:55 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2011-11-23 08:08:58 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2011-11-23 08:08:58 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2011-11-23 08:08:58 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2011-11-23 08:08:58 444752 ----a-w- C:\Windows\System32\mscoree.dll

2011-11-23 08:08:58 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2011-11-23 08:08:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2011-11-23 08:08:58 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2011-11-23 08:08:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-11-23 08:08:58 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2011-11-23 08:08:58 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2011-11-23 08:00:35 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2011-11-22 17:24:59 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2011-11-22 17:23:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-22 02:50:37 220672 ----a-w- C:\Windows\System32\wintrust.dll

2011-11-22 02:50:37 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2011-11-22 02:50:37 139264 ----a-w- C:\Windows\System32\cabview.dll

2011-11-22 02:50:37 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2011-11-21 22:46:33 0 ----a-w- C:\Windows\ativpsrm.bin

2011-11-21 22:45:43 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd

2011-11-21 22:41:11 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-11-21 22:40:31 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-11-21 22:40:12 -------- d-----w- C:\Program Files\ATI

2011-11-21 22:40:11 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2011-11-21 21:25:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2011-11-21 21:15:52 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-11-21 21:15:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-11-21 20:58:11 -------- d-----w- C:\Users\elx\AppData\Roaming\Malwarebytes

2011-11-21 20:58:02 -------- d-----w- C:\ProgramData\Malwarebytes

2011-11-21 20:57:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-11-21 20:34:05 -------- d-----w- C:\ProgramData\Ralink Driver

2011-11-21 20:33:49 -------- d-----w- C:\Users\elx\AppData\Local\CrashDumps

2011-11-21 20:31:52 -------- d-----w- C:\Users\elx\AppData\Local\Google

2011-11-21 20:18:12 -------- d-----w- C:\Users\elx\AppData\Local\ElevatedDiagnostics

2011-11-21 20:14:54 -------- d-----w- C:\Users\elx\AppData\Local\Best_Buy®

2011-11-21 20:08:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2011-11-21 20:01:20 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-11-21 20:01:20 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-11-21 20:01:09 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-11-21 20:00:34 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-11-21 20:00:17 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2011-11-21 19:59:46 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\DSETUP.dll

2011-11-21 19:59:46 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\DXSETUP.exe

2011-11-21 19:59:46 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e20d9121cca888\dsetup32.dll

2011-11-21 19:59:31 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2348.tmp

2011-11-21 19:59:27 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-11-21 19:58:05 -------- d-----w- C:\ProgramData\Best Buy Software Installer

2011-11-21 19:58:05 -------- d-----w- C:\Program Files\Best Buy Software Installer

2011-11-21 19:58:04 -------- dc-h--w- C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}

2011-11-21 19:58:03 -------- d-----w- C:\Users\elx\AppData\Local\PackageAware

2011-11-21 19:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink

2011-11-21 19:56:12 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2011-11-21 19:56:12 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2011-11-21 19:56:12 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-11-21 19:53:52 -------- d-----w- C:\Program Files\Creative

2011-11-21 19:53:27 -------- d-----w- C:\Program Files (x86)\Creative

2011-11-21 19:53:23 -------- d-----w- C:\Users\elx\AppData\Local\Diagnostics

2011-11-21 19:53:16 -------- d-----w- C:\Users\elx\AppData\Local\ATI

2011-11-21 19:51:54 -------- d-----w- C:\Users\elx\AppData\Local\VirtualStore

.

==================== Find3M ====================

.

2011-11-21 19:54:37 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-11-21 19:54:37 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-11-21 19:54:37 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-11-21 19:54:37 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-11-21 19:52:43 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 2:20:27.82 ===============

Link to post
Share on other sites

Hi,

Go to Start > type or copy/paste the following in the "search program and files" textbox, then press Enter

diskmgmt.msc

Capture and attach a screenshot of what you see there.

---

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs

Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)

A window will open on your desktop

if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.

If nothing unusual is found just press Enter

A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.

Please post the contents of that file.

Link to post
Share on other sites

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Gateway

System Product Name: FX6840

Logical Drives Mask: 0x000001fc

Kernel Drivers (total 160):

0x02C17000 \SystemRoot\system32\ntoskrnl.exe

0x031F3000 \SystemRoot\system32\hal.dll

0x00BB6000 \SystemRoot\system32\kdcom.dll

0x00C4C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C90000 \SystemRoot\system32\PSHED.dll

0x00CA4000 \SystemRoot\system32\CLFS.SYS

0x00D02000 \SystemRoot\system32\CI.dll

0x00ED8000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F7C000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F8B000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00FE2000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00FEB000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys

0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00E40000 \SystemRoot\System32\drivers\partmgr.sys

0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys

0x00DC2000 \SystemRoot\System32\drivers\mountmgr.sys

0x01060000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0117C000 \SystemRoot\system32\DRIVERS\atapi.sys

0x01185000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x011AF000 \SystemRoot\system32\drivers\amdxata.sys

0x01000000 \SystemRoot\system32\drivers\fltmgr.sys

0x012F0000 \SystemRoot\system32\drivers\NISx64\1108000.005\SYMDS64.SYS

0x0135E000 \SystemRoot\system32\drivers\fileinfo.sys

0x01372000 \SystemRoot\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS

0x01443000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01200000 \SystemRoot\System32\Drivers\msrpc.sys

0x015E5000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0125E000 \SystemRoot\System32\Drivers\cng.sys

0x01400000 \SystemRoot\System32\drivers\pcw.sys

0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01613000 \SystemRoot\system32\drivers\ndis.sys

0x01705000 \SystemRoot\system32\drivers\NETIO.SYS

0x01765000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01802000 \SystemRoot\System32\drivers\tcpip.sys

0x01790000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x013AD000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x017DA000 \SystemRoot\System32\Drivers\spldr.sys

0x011BA000 \SystemRoot\System32\drivers\rdyboost.sys

0x017E2000 \SystemRoot\System32\Drivers\mup.sys

0x017F4000 \SystemRoot\System32\drivers\hwpolicy.sys

0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x0141B000 \SystemRoot\system32\DRIVERS\disk.sys

0x01AAC000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x02F71000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x02F9B000 \SystemRoot\System32\Drivers\Null.SYS

0x02FA4000 \SystemRoot\System32\Drivers\Beep.SYS

0x02FAB000 \SystemRoot\System32\drivers\vga.sys

0x02FB9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x02FDE000 \SystemRoot\System32\drivers\watchdog.sys

0x02FEE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x02FF7000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02E00000 \SystemRoot\system32\drivers\rdprefmp.sys

0x02E09000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02E14000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01AEA000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02E25000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01B08000 \SystemRoot\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS

0x01B7E000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

0x01A00000 \SystemRoot\system32\drivers\afd.sys

0x01BB4000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02E32000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03E8F000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03EB5000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03EC4000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03EDF000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03EF3000 \SystemRoot\system32\drivers\NISx64\1108000.005\Ironx64.SYS

0x03F1A000 \SystemRoot\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS

0x03F2E000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03F7F000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03F8B000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03E00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111124.030\IDSvia64.sys

0x044CB000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

0x04544000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x0456A000 \SystemRoot\System32\drivers\discache.sys

0x04579000 \SystemRoot\System32\Drivers\dfsc.sys

0x04400000 \SystemRoot\system32\drivers\NISx64\1108000.005\ccHPx64.sys

0x0449C000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x0463C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20111114.002\BHDrvx64.sys

0x0475B000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x04781000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x04797000 \SystemRoot\system32\DRIVERS\atikmpag.sys

0x04A7E000 \SystemRoot\system32\DRIVERS\atipmdag.sys

0x050D9000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04A46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04A6A000 \SystemRoot\system32\drivers\usbehci.sys

0x04597000 \SystemRoot\system32\drivers\USBPORT.SYS

0x03F96000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x051EB000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x047CB000 \??\C:\Windows\system32\drivers\UBHelper.sys

0x047D3000 \??\C:\Windows\system32\drivers\NTIDrvr.sys

0x047DB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x047E4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x04600000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x04616000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x047F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x052A0000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x052CF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x052EA000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x0530B000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x05325000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x05334000 \SystemRoot\system32\DRIVERS\swenum.sys

0x05336000 \SystemRoot\system32\DRIVERS\ks.sys

0x05379000 \SystemRoot\system32\DRIVERS\umbus.sys

0x0538B000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x053E5000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05200000 \SystemRoot\system32\drivers\AtiHdmi.sys

0x05221000 \SystemRoot\system32\drivers\portcls.sys

0x0525E000 \SystemRoot\system32\drivers\drmk.sys

0x05280000 \SystemRoot\system32\drivers\ksthunk.sys

0x060C3000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x062EC000 \SystemRoot\system32\drivers\MBfilt64.sys

0x062FA000 \SystemRoot\System32\Drivers\crashdmp.sys

0x02E3B000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x06308000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x0631B000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x06338000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x00080000 \SystemRoot\System32\win32k.sys

0x0633A000 \SystemRoot\System32\drivers\Dxapi.sys

0x06346000 \SystemRoot\system32\drivers\USBSTOR.SYS

0x06361000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x0636F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x06388000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x06391000 \SystemRoot\system32\DRIVERS\monitor.sys

0x0639F000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x063AC000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x00430000 \SystemRoot\System32\TSDDD.dll

0x00710000 \SystemRoot\System32\cdd.dll

0x063BA000 \SystemRoot\system32\drivers\luafv.sys

0x063DD000 \SystemRoot\system32\drivers\WudfPf.sys

0x06000000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x06015000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x06068000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x0607B000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x064DA000 \SystemRoot\system32\drivers\HTTP.sys

0x065A2000 \SystemRoot\system32\DRIVERS\bowser.sys

0x065C0000 \SystemRoot\System32\drivers\mpsdrv.sys

0x06400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0642D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0647B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x07ED6000 \SystemRoot\system32\drivers\peauth.sys

0x07F7C000 \SystemRoot\System32\Drivers\secdrv.SYS

0x07F87000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x07FB4000 \SystemRoot\System32\drivers\tcpipreg.sys

0x07E00000 \SystemRoot\System32\DRIVERS\srv2.sys

0x084EE000 \SystemRoot\System32\DRIVERS\srv.sys

0x08583000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x08400000 \SystemRoot\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS

0x09002000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20111125.002\EX64.SYS

0x084C6000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20111125.002\ENG64.SYS

0x772B0000 \Windows\System32\ntdll.dll

0x47890000 \Windows\System32\smss.exe

0xFF5D0000 \Windows\System32\apisetschema.dll

0xFFD70000 \Windows\System32\autochk.exe

0xFF520000 \Windows\System32\msvcrt.dll

0xFF440000 \Windows\System32\oleaut32.dll

0x77190000 \Windows\System32\kernel32.dll

0xFF410000 \Windows\System32\imm32.dll

Processes (total 54):

0 System Idle Process

4 System

380 C:\Windows\System32\smss.exe

516 csrss.exe

568 C:\Windows\System32\wininit.exe

588 csrss.exe

632 C:\Windows\System32\winlogon.exe

684 C:\Windows\System32\services.exe

692 C:\Windows\System32\lsass.exe

700 C:\Windows\System32\lsm.exe

800 C:\Windows\System32\svchost.exe

876 C:\Windows\System32\svchost.exe

968 C:\Windows\System32\atiesrxx.exe

1012 C:\Windows\System32\svchost.exe

156 C:\Windows\System32\svchost.exe

428 C:\Windows\System32\svchost.exe

1048 C:\Windows\System32\svchost.exe

1172 C:\Windows\System32\svchost.exe

1308 C:\Windows\System32\spoolsv.exe

1340 C:\Windows\System32\svchost.exe

1436 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

1536 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe

1568 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

1636 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

1712 C:\OEM\USBDECTION\USBS3S4Detection.exe

1740 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2268 WUDFHost.exe

2604 C:\Windows\System32\svchost.exe

2800 C:\Windows\System32\atieclxx.exe

2928 C:\Windows\System32\taskhost.exe

2980 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe

3092 C:\Windows\System32\dwm.exe

3100 C:\Windows\explorer.exe

3316 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

3376 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3532 C:\Windows\System32\rundll32.exe

3636 C:\Windows\System32\SearchIndexer.exe

3788 C:\Windows\System32\svchost.exe

3840 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

4036 C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe

1516 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

3784 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

3136 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

3520 C:\Program Files\Windows Media Player\wmpnetwk.exe

4060 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2180 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

4468 C:\Windows\System32\svchost.exe

4632 C:\Windows\System32\audiodg.exe

1840 WmiPrvSE.exe

1800 C:\Windows\System32\svchost.exe

4932 dllhost.exe

3940 dllhost.exe

3592 C:\Users\elx\Desktop\MBRCheck.exe

4888 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EADS-22M2B0, Rev: 01.00A01

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

post-100636-0-11876600-1322239561.png

Link to post
Share on other sites

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Link to post
Share on other sites

MiniToolBox by Farbar

Ran by elx (administrator) on 25-11-2011 at 15:21:47

Windows 7 Home Premium (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : elx-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : twmi.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : twmi.rr.com

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 44-87-FC-7F-A2-6A

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::1cec:9cfd:9360:ce1e%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Friday, November 25, 2011 3:20:30 PM

Lease Expires . . . . . . . . . . : Friday, December 02, 2011 3:20:29 PM

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DHCPv6 IAID . . . . . . . . . . . : 189040636

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-5C-8A-F3-44-87-FC-7F-A2-6A

DNS Servers . . . . . . . . . . . : 192.168.0.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.twmi.rr.com:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : twmi.rr.com

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4e1:13f6:52a6:8c85(Preferred)

Link-local IPv6 Address . . . . . : fe80::4e1:13f6:52a6:8c85%13(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown

Address: 192.168.0.1

Name: google.com

Addresses: 74.125.225.17

74.125.225.18

74.125.225.19

74.125.225.20

74.125.225.16

Pinging google.com [74.125.225.16] with 32 bytes of data:

Reply from 74.125.225.16: bytes=32 time=48ms TTL=52

Reply from 74.125.225.16: bytes=32 time=50ms TTL=52

Ping statistics for 74.125.225.16:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 50ms, Average = 49ms

Server: UnKnown

Address: 192.168.0.1

Name: yahoo.com

Addresses: 98.137.149.56

98.139.180.149

209.191.122.70

72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=94ms TTL=50

Reply from 72.30.2.43: bytes=32 time=105ms TTL=50

Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 94ms, Maximum = 105ms, Average = 99ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

11...44 87 fc 7f a2 6a ......Realtek PCIe GBE Family Controller

1...........................Software Loopback Interface 1

12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.102 10

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.0.0 255.255.255.0 On-link 192.168.0.102 266

192.168.0.102 255.255.255.255 On-link 192.168.0.102 266

192.168.0.255 255.255.255.255 On-link 192.168.0.102 266

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.0.102 266

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.0.102 266

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

13 58 ::/0 On-link

1 306 ::1/128 On-link

13 58 2001::/32 On-link

13 306 2001:0:4137:9e76:4e1:13f6:52a6:8c85/128

On-link

11 266 fe80::/64 On-link

13 306 fe80::/64 On-link

13 306 fe80::4e1:13f6:52a6:8c85/128

On-link

11 266 fe80::1cec:9cfd:9360:ce1e/128

On-link

1 306 ff00::/8 On-link

13 306 ff00::/8 On-link

11 266 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (11/25/2011 00:30:20 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/25/2011 00:30:20 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/25/2011 00:30:20 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/25/2011 00:30:20 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/25/2011 00:30:19 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/25/2011 00:30:10 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/24/2011 00:30:44 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2011 00:30:44 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2011 00:30:44 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (11/24/2011 00:30:44 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".

Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

System errors:

=============

Error: (11/25/2011 03:20:18 PM) (Source: Tcpip) (User: )

Description: The system detected an address conflict for IP address 192.168.0.101 with the system

having network hardware address 16-DA-E9-08-46-87. Network operations on this system may

be disrupted as a result.

Error: (11/25/2011 11:39:09 AM) (Source: Tcpip) (User: )

Description: The system detected an address conflict for IP address 0.0.0.0 with the system

having network hardware address 16-DA-E9-08-46-87. Network operations on this system may

be disrupted as a result.

Error: (11/25/2011 03:23:10 AM) (Source: Service Control Manager) (User: )

Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:

%%2

Error: (11/25/2011 03:23:10 AM) (Source: Service Control Manager) (User: )

Description: The MBAMProtector service failed to start due to the following error:

%%2

Error: (11/25/2011 03:19:54 AM) (Source: Service Control Manager) (User: )

Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:

%%2

Error: (11/25/2011 03:19:54 AM) (Source: Service Control Manager) (User: )

Description: The MBAMProtector service failed to start due to the following error:

%%2

Error: (11/25/2011 01:54:17 AM) (Source: Service Control Manager) (User: )

Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:

%%2

Error: (11/25/2011 01:54:17 AM) (Source: Service Control Manager) (User: )

Description: The MBAMProtector service failed to start due to the following error:

%%2

Error: (11/25/2011 01:52:51 AM) (Source: Service Control Manager) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:

%%31

Error: (11/25/2011 01:50:41 AM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:

=========================

========================= Memory info: ===================================

Percentage of memory in use: 21%

Total physical RAM: 8183.11 MB

Available physical RAM: 6388.97 MB

Total Pagefile: 16364.36 MB

Available Pagefile: 14371.81 MB

Total Virtual: 4095.88 MB

Available Virtual: 3953.09 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:916.41 GB) (Free:876.88 GB) NTFS

========================= Users: ========================================

User accounts for \\ELX-PC

Administrator elx Guest

**** End of log ****

Link to post
Share on other sites

I'm not seeing much progress on this end unfortunately. Google redirects are still happening and my wireless adapter still isn't being recognized by the computer. Also just in the last day Malwarebytes is defaulting to the protection being disabled. Attempting to enable it brings up the following error: [startService] Failed to perform desired action. Error Code: 1068

With protection being disabled and not being able to hold a connection online (I have to bridge a connection from my laptop due to the wireless adapter), I'm not sure if the random IP connects are still a posssible issue at this time.

Link to post
Share on other sites

Right now I have a D-Link router hooked up to my modem. Everything else throughout the house is picking up the wireless signal just fine (laptop, 2 XBOXs, PS3, phone). This computer is the only thing not allowing me to set up a wireless connection. I actually just moved my desktop into a range where I could reach a maintain a wired connection to the router.

Link to post
Share on other sites

But does your other systems detect this wireless adapter that the affected system doesn't? None of those other systems isn't having any redirecting issues?

Perhaps I'm miswording things, by wireless adapter i mean the wireless card that is built into the desktop. The other systems on my network have no issues.

Link to post
Share on other sites

Hi,

Ok. I thought it might had been one of those wireless adapters that can be plugged into USB port. Does device manager show any exclamation marks related to network devices?

Please download mbrfix.exe from here.

Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.

Double click the mbrfix folder and drag the mbrfix64.exe out of that folder so it's location is C:\mbrfix64.exe

Click start->in search box type cmd.exe, right click cmd.exe and select run as administrator.

If all went well you should have black window with Administrator: Command Prompt title open.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix64_/drive_0_savembr_MBRNormalmode

(Note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter.

--

Next, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix64_/drive_0_savembr_MBRREmode

(Again, note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter and restart the machine.

Navigate to C:\MBRNormalmode file. Right click it to zip it up, and please attach it to your next post. Repeat with C:\MBRREmode file.

Link to post
Share on other sites

There are no network related exclamation points under the Device Manager. I was able to get the MBRNormal mode file just fine, but I'm having issues with the MBRREmode through the advanced boot menu. I'm able to access the command prompt just fine, but upon reaching the C:/ directory and entering MbrFix54 /drive 0 savembr MBRREmode I get this error: 'MbrFix64' is not recognized as an internal or external command, operable program or batch file. I've tried this 3 times, restarting and re-entering the repair mode/command prompt each time to be sure I didn't misselect any options or mistype the command. Any idea what could be causing this issue?

MBRNormalmode.zip

Link to post
Share on other sites

Hi,

I found the file in the d:/ directory and was able to execute the file, but upon trying to zip the file to upload it Norton flagged it as Trojan.Gen.2 and deleted it. Should I disable Norton temporarily and go back through the same process?

Link to post
Share on other sites

Hi,

Reboot again to recovery environment's command prompt. Type the following commands there:

cd /d d:

bootrec /fixmbr

Then reboot back into normal mode and see if symptoms still persist.

Progress!

Google redirects seem to be gone, and protection is able to be enabled in MalwareBytes. I am getting one error pop up in MBAM ([Open Event] Failed to perform desired action. Error Code 2), and my computer is still acting as if my wireless card doesn't exist, so I can't even search for a wireless signal to connect to.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.