
Firewall Broken - Internet Redirects



My firewall went down and I tracked the problem to the Windows Firewall Authorization Driver. It gives the error 'can't create a file that already exists' or something like that when I try to start it. Nothing comes up on any scans with MBAM or McAfee. Also, it's been redirecting me sometimes to weird sites. Might be a coincidence, but when I tried to come to this forum it redirected me many times. For a while when I was trying to open the 'I'm infected - What do I do now?' thread it kept sending me to the user profile of a malwarebytes forum user named Quartermass.

When trying to post this the connection kept getting reset. I emailed the post to myself and am trying to post it via my girlfriend's mac, if you're reading this then it worked. :) I hope it's a good sign that my virus hates your website. lol

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Robert at 8:22:09 on 2011-12-06

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.152 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files\Acer\Registration\GregHSRW.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\TEMP\nvapdq\setup.exe

C:\Windows\Temp\_ex-68.exe

C:\Windows\System32\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111114195646.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\14344434658444C425 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\2456C6B696E6E233644343 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\4616679646130313 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\75962756C6563737 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\C696E6B6379737 : DhcpNameServer = 69.66.0.20 69.66.1.20

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\E4544574541425 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\robert.robertron\appdata\roaming\mozilla\firefox\profiles\isyy18f7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-12-03 02:55:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 01:05:45 0 ---ha-w- c:\users\robert.robertron\appdata\local\BIT91C4.tmp

2011-11-10 14:14:57 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 14:14:42 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-10 14:14:28 2339840 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2011-12-02 21:19:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 8:56:26.04 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 5/18/2010 4:54:23 AM

System Uptime: 12/4/2011 6:35:08 PM (38 hours ago)

.

Motherboard: Acer | | Aspire one

Processor: Intel® Atom CPU N280 @ 1.66GHz | CPU | 799/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 61.319 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 4.65

Acer Assist

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

ActiveState Komodo Edit 6.1.2

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.3

Age of Empires III

Age of Empires III - The Asian Dynasties

Age of Empires III - The WarChiefs

Apple Application Support

Apple Software Update

Aspell English Dictionary-0.50-2

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Battle for Wesnoth 1.8.6

Blender (remove only)

Choice Guard

Compatibility Pack for the 2007 Office system

D3DX10

Debut Video Capture Software

eBay Worldwide

eSobi v2

Fallout

Fallout Tactics

Fallout2

FBIde 0.4.6

FileZilla Client 3.5.0

FreeBASIC 0.21.1

GIMP 2.6.9

GNU Aspell 0.50-3

Google Toolbar for Internet Explorer

Google Update Helper

Icewind Dale II

Identity Card

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

JADE (Java-based Ancient Domains Engine)

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Launch Manager

LEGO Digital Designer

Lords of Magic Special Edition

Majesty: Gold Edition

Malwarebytes' Anti-Malware version 1.51.2.1300

MapleStory

McAfee Internet Security Suite

Media Go

Media Go Video Playback Engine 1.64.104.02270

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting

Microsoft GIF Animator

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XNA Framework Redistributable 4.0

mIRC

Morrowind

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Neverwinter Nights

Norton Online Backup

Notepad++

OpenOffice.org 3.2

Paint.NET v3.5.10

Pivot Stickfigure Animator

PlayStation®Network Downloader

PlayStation®Store

Pokemon World Online version 1.8

PokerTH

Port Royale 2

Python 2.6 pygame-1.9.1

Python 2.7.2

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Red Alert Windows 95

RPGToolkit, Version 3.1.0

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Sid Meier's Alpha Centauri

Sid Meier's Alpha Centauri 2000/XP Compatibility Update

Sid Meier's Civilization III: Complete

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars Jedi Knight: Jedi Academy

Steam

Stronghold Crusader Extreme

Synaptics Pointing Device Driver

System Requirements Lab

System Requirements Lab CYRI

Terrafirma

Terraria

TES Construction Set

Unity Web Player (All users)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Script Editor Help (KB963671)

VideoPad Video Editor

VLC media player 1.1.0

Welcome Center

Wesnoth 1.0.2

WIDCOMM Bluetooth Software

WikidPad 1.9

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (32-bit)

Xvid Video Codec

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

12/6/2011 8:56:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

12/6/2011 8:32:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

12/6/2011 8:10:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.

12/6/2011 8:10:02 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/6/2011 8:05:14 AM, Error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.

12/6/2011 8:02:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/6/2011 7:33:35 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

12/6/2011 7:33:35 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 7:33:35 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

12/6/2011 7:32:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

12/6/2011 7:31:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

12/6/2011 3:03:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

12/5/2011 8:23:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

12/5/2011 7:45:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

12/5/2011 7:43:41 AM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.

12/3/2011 9:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/3/2011 9:34:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Raw Socket Service service to connect.

12/3/2011 9:34:30 PM, Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/3/2011 9:34:20 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

11/30/2011 1:37:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000004, 0x00000258, 0x84e9f798, 0x80d8adf4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 113011-21855-01.

.

==== End Of File ===========================

I left my computer on for a while today and when I came back it was at a startup repair screen. No idea what happened. Great.

Also, after browsing this forum I realized that I noticed something called ping.exe on my computer too and my computer has been running at 100% usage. Stuff seems to be going around.

Hope you guys get to me at some point, but I really appreciate what you do here and I'm willing to wait to hear from you.

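A small triage script for a DDS log of the kind posted above. This is an added example written for this page; it is not part of the original post, not DDS or Malwarebytes code, and the checks it applies (binaries living under a temp directory, an autorun label naming a vendor whose name is absent from the binary's path, a purely numeric service name with a missing binary, and the two Event Viewer messages about the firewall driver and the hosts file) are the editor's own heuristics. The sample log embedded in it is a constructed excerpt that reproduces the DDS section headers and a handful of lines from the log above, so it runs offline.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: an excerpt in the layout DDS uses, built from entries
# that appear in the log above (section headers, the process list, the
# uRun/mRun autorun lines and Event Viewer lines). Not a real capture.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\TEMP\nvapdq\setup.exe
C:\Windows\Temp\_ex-68.exe
C:\Windows\System32\ping.exe
============== Pseudo HJT Report ===============
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
==== Event Viewer Messages From Past Week ========
12/6/2011 8:05:14 AM, Error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.
12/6/2011 8:02:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/6/2011 7:33:35 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "==== Name ===="
EXE_RE = re.compile(r"^(.+?\.exe)\b", re.I)            # path before any args
AUTORUN_RE = re.compile(r'^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*"?(?P<path>[^"]+?\.exe)"?', re.I)
NUMERIC_SVC_RE = re.compile(r"The (\d+) service failed to start")

# Directories a persistent binary has no business living in (editor's heuristic).
TEMP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
# If an autorun label names one of these vendors, the binary path should too.
VENDORS = ("mozilla", "google", "adobe", "java", "mcafee", "microsoft")
# Event Viewer fragments worth surfacing, with the reason to report.
EVENT_SIGNALS = (
    ("Windows Firewall Authorization Driver", "mpsdrv failed to start: host firewall is down"),
    ("read the local hosts file", "hosts file unreadable: inspect it for injected entries"),
)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [lines]}; DDS pads sections with '.' lines."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def is_temp_path(path: str) -> bool:
    """True if the path sits under one of the temp directories above."""
    p = path.lower().replace("/", "\\")
    return any(d in p for d in TEMP_DIRS)


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, item, reason) triples for log lines that merit a closer look."""
    findings: List[Tuple[str, str, str]] = []
    sec = parse_sections(text)

    for line in sec.get("Running Processes", []):
        m = EXE_RE.match(line)
        exe = m.group(1) if m else line
        if is_temp_path(exe):
            findings.append(("process", exe, "running from a temp directory"))
        elif exe.lower().endswith("\\ping.exe"):
            # The poster reports ping.exe pegging the CPU; surface it for a parent/cmdline check.
            findings.append(("process", exe, "ping.exe alive in the snapshot: check its parent and command line"))

    for line in sec.get("Pseudo HJT Report", []):
        m = AUTORUN_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        if is_temp_path(path):
            findings.append(("autorun", name, f"Run key points into a temp dir: {path}"))
        for v in VENDORS:
            if v in name.lower() and v not in path.lower():
                findings.append(("autorun", name, f"label claims {v} but the binary is {path}"))

    for line in sec.get("Event Viewer Messages From Past Week", []):
        for needle, reason in EVENT_SIGNALS:
            if needle in line:
                findings.append(("event", needle, reason))
        m = NUMERIC_SVC_RE.search(line)
        if m:
            findings.append(("event", f"service {m.group(1)}", "numeric service name whose binary is missing"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"[{kind:7}] {item}: {reason}")
```

Run against the constructed excerpt it reports both temp-directory binaries from the process list, the `MozillaAgent` Run key twice (temp path, and a label that says Mozilla for a binary outside any Mozilla directory), the numeric `5689` service, and the two Event Viewer lines; the McAfee and Google entries produce nothing. The heuristics are deliberately narrow, so a clean pass is not a clean bill of health; it only tells you which lines to pull first.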

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Robert at 7:44:02 on 2011-12-09

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.325 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files\Acer\Registration\GregHSRW.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxext.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111114195646.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\14344434658444C425 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\2456C6B696E6E233644343 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\4616679646130313 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\75962756C6563737 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\E4544574541425 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\robert.robertron\appdata\roaming\mozilla\firefox\profiles\isyy18f7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

.

============= SERVICES / DRIVERS ===============

.

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-9-14 57600]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-13 29472]

.

=============== Created Last 30 ================

.

2011-12-08 18:02:51 -------- d-----r- C:\Sandbox

2011-12-08 17:59:11 -------- d-----w- c:\program files\Sandboxie

2011-12-03 02:55:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 01:05:45 0 ---ha-w- c:\users\robert.robertron\appdata\local\BIT91C4.tmp

2011-11-10 14:14:57 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 14:14:42 708608 ----a-w- c:\program files\common files\system\wab32.dll

2011-11-10 14:14:28 2339840 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2011-11-10 14:00:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 8:06:38.49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 5/18/2010 4:54:23 AM

System Uptime: 12/8/2011 11:38:29 AM (21 hours ago)

.

Motherboard: Acer | | Aspire one

Processor: Intel® Atom CPU N280 @ 1.66GHz | CPU | 1333/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 61.393 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 4.65

Acer Assist

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

ActiveState Komodo Edit 6.1.2

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.3

Age of Empires III

Age of Empires III - The Asian Dynasties

Age of Empires III - The WarChiefs

Apple Application Support

Apple Software Update

Aspell English Dictionary-0.50-2

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Battle for Wesnoth 1.8.6

Blender (remove only)

Choice Guard

Compatibility Pack for the 2007 Office system

D3DX10

Debut Video Capture Software

eBay Worldwide

eSobi v2

Fallout

Fallout Tactics

Fallout2

FBIde 0.4.6

FileZilla Client 3.5.0

FreeBASIC 0.21.1

GIMP 2.6.9

GNU Aspell 0.50-3

Google Toolbar for Internet Explorer

Google Update Helper

Icewind Dale II

Identity Card

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

JADE (Java-based Ancient Domains Engine)

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Launch Manager

LEGO Digital Designer

Lords of Magic Special Edition

Majesty: Gold Edition

Malwarebytes' Anti-Malware

MapleStory

McAfee Internet Security Suite

Media Go

Media Go Video Playback Engine 1.64.104.02270

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting

Microsoft GIF Animator

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XNA Framework Redistributable 4.0

mIRC

Morrowind

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Neverwinter Nights

Norton Online Backup

Notepad++

OpenOffice.org 3.2

Paint.NET v3.5.10

Pivot Stickfigure Animator

PlayStation®Network Downloader

PlayStation®Store

Pokemon World Online version 1.8

PokerTH

Port Royale 2

Python 2.6 pygame-1.9.1

Python 2.7.2

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Red Alert Windows 95

RPGToolkit, Version 3.1.0

Sandboxie 3.62 (32-bit)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Sid Meier's Alpha Centauri

Sid Meier's Alpha Centauri 2000/XP Compatibility Update

Sid Meier's Civilization III: Complete

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars Jedi Knight: Jedi Academy

Steam

Stronghold Crusader Extreme

Synaptics Pointing Device Driver

System Requirements Lab

System Requirements Lab CYRI

Terrafirma

Terraria

TES Construction Set

Unity Web Player (All users)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Script Editor Help (KB963671)

VideoPad Video Editor

VLC media player 1.1.0

Welcome Center

Wesnoth 1.0.2

WIDCOMM Bluetooth Software

WikidPad 1.9

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (32-bit)

Xvid Video Codec

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

12/9/2011 6:43:57 AM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.

12/9/2011 3:02:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).

12/8/2011 11:59:57 AM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

12/8/2011 11:40:28 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

12/7/2011 10:07:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000005a (0x00000001, 0x00000001, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120711-28282-01.

12/6/2011 9:35:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

12/6/2011 9:09:26 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

12/6/2011 9:09:26 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

12/6/2011 9:09:26 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

12/6/2011 8:05:14 AM, Error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.

12/6/2011 8:02:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/6/2011 12:09:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

12/6/2011 12:08:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

12/6/2011 12:07:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

12/6/2011 10:20:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.

12/6/2011 10:20:24 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/5/2011 8:23:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

12/5/2011 7:45:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

12/3/2011 9:34:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Raw Socket Service service to connect.

12/3/2011 9:34:30 PM, Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

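Worked example, added here and not part of the DDS output or of any poster's text: a small Python triage script over the Event Viewer lines above, the kind of check a responder runs before asking for more scans. It parses the lines exactly as DDS prints them, follows the 7001 dependency failures from the McAfee firewall service back to the service that actually failed on its own (the Windows Firewall Authorization Driver, whose start error "Cannot create a file when that file already exists" is Win32 error 183, ERROR_ALREADY_EXISTS), flags 7000 failures whose service name is auto-generated or whose binary is missing, and cross-references those names against scanner detections; the path list is a constructed subset of the ESET results posted further down the thread, and the all-digit "5689" service matches C:\Windows\Temp\5689.sys. The sample lines are copied from this thread; the rule set, the finding texts and the helper names are this example's own assumptions.

```python
# Added example for this thread, not output of DDS, ESET or TDSSKiller: triage of
# the SCM / DNS-Client errors DDS lists. Sample input is constructed from the thread.
from __future__ import annotations

import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Event Viewer lines exactly as DDS prints them (copied from the log above).
SAMPLE_EVENTS = """\
12/6/2011 9:09:26 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
12/6/2011 9:09:26 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
12/6/2011 9:09:26 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
12/6/2011 8:05:14 AM, Error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.
12/6/2011 8:02:41 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/3/2011 9:34:30 PM, Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

# Paths from the ESET results posted later in the thread (constructed subset).
SAMPLE_DETECTIONS = [r"C:\Windows\Temp\5689.sys", r"C:\Windows\Temp\nvapdq\setup.exe"]

EVENT_RE = re.compile(r"^(?P<when>.+?), (?P<level>\w+): (?P<provider>.+?) \[(?P<eid>\d+)\] - (?P<msg>.+)$")
FAILED_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$")
DEPENDS_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                        r"which failed to start because of the following error: (?P<err>.+)$")
ALREADY_EXISTS = "Cannot create a file when that file already exists"  # Win32 error 183
FILE_NOT_FOUND = "The system cannot find the file specified"            # Win32 error 2

Event = namedtuple("Event", "when provider eid msg")
# depends_on is set for 7001 records: `name` failed because `depends_on` failed first
ServiceFailure = namedtuple("ServiceFailure", "name error depends_on", defaults=[None])

def parse_events(text: str) -> list[Event]:
    """Parse DDS 'Event Viewer Messages' lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["when"], m["provider"], int(m["eid"]), m["msg"]))
    return events

def service_failures(events: list[Event]) -> list[ServiceFailure]:
    """Extract SCM 7000 (direct failure) and 7001 (dependency failure) records."""
    out = []
    for ev in events:
        if ev.provider != "Service Control Manager":
            continue
        if ev.eid == 7000 and (m := FAILED_RE.match(ev.msg)):
            out.append(ServiceFailure(m["svc"], m["err"].rstrip(".")))
        elif ev.eid == 7001 and (m := DEPENDS_RE.match(ev.msg)):
            out.append(ServiceFailure(m["svc"], m["err"].rstrip("."), m["dep"]))
    return out

def root_cause(name: str, failures: list[ServiceFailure]) -> tuple[str, str]:
    """Walk 7001 dependency failures from `name` down to the service that failed on its own."""
    deps = {f.name: f.depends_on for f in failures if f.depends_on}
    own_errors = {f.name: f.error for f in failures if not f.depends_on}
    seen = set()
    while name in deps and name not in seen:  # `seen` guards against a dependency loop
        seen.add(name)
        name = deps[name]
    return name, own_errors.get(name, "unknown")

def triage(events: list[Event], detections: list[str]) -> list[tuple[str, list[str]]]:
    """Return (service or object, reasons) for everything worth a closer look."""
    findings = []
    # file-name stem of each detection, so service "5689" matches 5689.sys
    stems = {PureWindowsPath(p).stem.lower(): p for p in detections}
    for f in service_failures(events):
        if f.depends_on:
            continue  # dependents are explained by root_cause(), not flagged on their own
        reasons = []
        if f.name.isdigit():
            reasons.append("all-digit service name, typical of a dropper-registered service")
        if f.error == FILE_NOT_FOUND:
            reasons.append("service still registered but its binary is gone")
        if f.error == ALREADY_EXISTS and "Firewall" in f.name:
            reasons.append("firewall driver failed with ERROR_ALREADY_EXISTS (183); look for a competing driver")
        if f.name.lower() in stems:
            reasons.append(f"name matches scanner detection {stems[f.name.lower()]}")
        if reasons:
            findings.append((f.name, reasons))
    for ev in events:
        if ev.provider == "Microsoft-Windows-DNS-Client" and ev.eid == 1012:
            findings.append(("hosts file", ["DNS-Client could not read hosts; inspect it for redirect entries"]))
    return findings

if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("root cause:", root_cause("McAfee Personal Firewall Service", service_failures(evs)))
    for name, reasons in triage(evs, SAMPLE_DETECTIONS):
        print(f"{name}: {'; '.join(reasons)}")
```

On the machine itself the follow-up is the ImagePath under HKLM\SYSTEM\CurrentControlSet\Services\5689 and under mpsdrv (the service name of the Windows Firewall Authorization Driver), plus a look at the hosts file the DNS client could not read; the Raw Socket Service timeout is deliberately not flagged, because a 30-second start timeout on its own says nothing about tampering.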

Hi,

Looks quite good so far. Let's run a few more checks.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish. Copy-paste back the results (if any found).

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).

2. Execute the file TDSSKiller.exe.

3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).

4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)


C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfderamp.exe - probably a variant of Win32/Agent.BALMYQZ trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfflows.exe - probably a variant of Win32/Agent.DPFFBBO trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfpause.exe - probably a variant of Win32/Agent.FOKESCJ trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dftubefill.exe - probably a variant of Win32/Agent.ICWSIRW trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfvdig.exe - probably a variant of Win32/Agent.CGELMFL trojan

C:\Documents and Settings\Writing\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe - a variant of Win32/SoftonicDownloader.A application

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfderamp.exe - probably a variant of Win32/Agent.BALMYQZ trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfflows.exe - probably a variant of Win32/Agent.DPFFBBO trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfpause.exe - probably a variant of Win32/Agent.FOKESCJ trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dftubefill.exe - probably a variant of Win32/Agent.ICWSIRW trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfvdig.exe - probably a variant of Win32/Agent.CGELMFL trojan

C:\Users\Writing\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe - a variant of Win32/SoftonicDownloader.A application

C:\Windows\Temp\5689.sys - Win32/Agent.TGP trojan

C:\Windows\Temp\nvapdq\setup.exe - a variant of Win32/Kryptik.WTH trojan

11:37:14.0318 1460 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

11:37:15.0160 1460 ============================================================

11:37:15.0160 1460 Current date / time: 2011/12/10 11:37:15.0160

11:37:15.0160 1460 SystemInfo:

11:37:15.0160 1460

11:37:15.0160 1460 OS Version: 6.1.7600 ServicePack: 0.0

11:37:15.0160 1460 Product type: Workstation

11:37:15.0160 1460 ComputerName: ROBERTRON

11:37:15.0160 1460 UserName: Robert

11:37:15.0160 1460 Windows directory: C:\Windows

11:37:15.0160 1460 System windows directory: C:\Windows

11:37:15.0160 1460 Processor architecture: Intel x86

11:37:15.0160 1460 Number of processors: 2

11:37:15.0160 1460 Page size: 0x1000

11:37:15.0160 1460 Boot type: Normal boot

11:37:15.0160 1460 ============================================================

11:37:16.0471 1460 Initialize success

11:38:24.0814 1668 ============================================================

11:38:24.0814 1668 Scan started

11:38:24.0814 1668 Mode: Manual;

11:38:24.0814 1668 ============================================================

11:38:25.0189 1668 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

11:38:25.0189 1668 1394ohci - ok

11:38:25.0345 1668 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

11:38:25.0423 1668 ACPI - ok

11:38:25.0579 1668 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

11:38:25.0594 1668 AcpiPmi - ok

11:38:25.0766 1668 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

11:38:25.0781 1668 adp94xx - ok

11:38:26.0000 1668 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

11:38:26.0015 1668 adpahci - ok

11:38:26.0171 1668 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

11:38:26.0171 1668 adpu320 - ok

11:38:26.0359 1668 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

11:38:26.0374 1668 AFD - ok

11:38:26.0499 1668 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

11:38:26.0499 1668 agp440 - ok

11:38:26.0655 1668 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

11:38:26.0655 1668 aic78xx - ok

11:38:26.0842 1668 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

11:38:26.0842 1668 aliide - ok

11:38:26.0967 1668 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

11:38:26.0983 1668 amdagp - ok

11:38:27.0107 1668 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

11:38:27.0107 1668 amdide - ok

11:38:27.0263 1668 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

11:38:27.0263 1668 AmdK8 - ok

11:38:27.0419 1668 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

11:38:27.0435 1668 AmdPPM - ok

11:38:27.0575 1668 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

11:38:27.0591 1668 amdsata - ok

11:38:27.0763 1668 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

11:38:27.0778 1668 amdsbs - ok

11:38:27.0919 1668 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

11:38:27.0919 1668 amdxata - ok

11:38:28.0106 1668 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

11:38:28.0106 1668 AppID - ok

11:38:28.0277 1668 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

11:38:28.0277 1668 arc - ok

11:38:28.0402 1668 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

11:38:28.0418 1668 arcsas - ok

11:38:28.0574 1668 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

11:38:28.0574 1668 AsyncMac - ok

11:38:28.0714 1668 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

11:38:28.0714 1668 atapi - ok

11:38:28.0855 1668 athr (2eb96571fe865f07ed1fd6017575026f) C:\Windows\system32\DRIVERS\athr.sys

11:38:28.0886 1668 athr - ok

11:38:29.0057 1668 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

11:38:29.0073 1668 b06bdrv - ok

11:38:29.0213 1668 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

11:38:29.0229 1668 b57nd60x - ok

11:38:29.0401 1668 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

11:38:29.0401 1668 Beep - ok

11:38:29.0619 1668 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

11:38:29.0635 1668 blbdrive - ok

11:38:29.0837 1668 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

11:38:30.0134 1668 bowser - ok

11:38:30.0274 1668 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:38:30.0274 1668 BrFiltLo - ok

11:38:30.0399 1668 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:38:30.0415 1668 BrFiltUp - ok

11:38:30.0571 1668 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

11:38:30.0586 1668 Brserid - ok

11:38:30.0711 1668 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

11:38:30.0711 1668 BrSerWdm - ok

11:38:30.0836 1668 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:38:30.0836 1668 BrUsbMdm - ok

11:38:30.0976 1668 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

11:38:30.0976 1668 BrUsbSer - ok

11:38:31.0132 1668 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys

11:38:31.0132 1668 BthEnum - ok

11:38:31.0304 1668 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

11:38:31.0304 1668 BTHMODEM - ok

11:38:31.0475 1668 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

11:38:31.0491 1668 BthPan - ok

11:38:31.0694 1668 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys

11:38:32.0240 1668 BTHPORT - ok

11:38:32.0396 1668 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys

11:38:32.0411 1668 BTHUSB - ok

11:38:32.0567 1668 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys

11:38:32.0567 1668 btwaudio - ok

11:38:32.0692 1668 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\DRIVERS\btwavdt.sys

11:38:32.0708 1668 btwavdt - ok

11:38:32.0864 1668 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys

11:38:33.0613 1668 btwl2cap - ok

11:38:33.0737 1668 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys

11:38:33.0737 1668 btwrchid - ok

11:38:33.0878 1668 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

11:38:33.0893 1668 cdfs - ok

11:38:34.0049 1668 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

11:38:34.0049 1668 cdrom - ok

11:38:34.0221 1668 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys

11:38:34.0237 1668 cfwids - ok

11:38:34.0346 1668 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

11:38:34.0346 1668 circlass - ok

11:38:34.0455 1668 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

11:38:34.0471 1668 CLFS - ok

11:38:34.0642 1668 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

11:38:34.0642 1668 CmBatt - ok

11:38:34.0767 1668 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

11:38:34.0767 1668 cmdide - ok

11:38:34.0907 1668 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

11:38:34.0923 1668 CNG - ok

11:38:35.0063 1668 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

11:38:35.0063 1668 Compbatt - ok

11:38:35.0188 1668 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:38:35.0188 1668 CompositeBus - ok

11:38:35.0375 1668 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

11:38:35.0375 1668 crcdisk - ok

11:38:35.0656 1668 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

11:38:35.0656 1668 DfsC - ok

11:38:35.0812 1668 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

11:38:35.0812 1668 discache - ok

11:38:35.0937 1668 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

11:38:35.0953 1668 Disk - ok

11:38:36.0077 1668 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys

11:38:36.0358 1668 DKbFltr - ok

11:38:36.0577 1668 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

11:38:36.0592 1668 drmkaud - ok

11:38:36.0748 1668 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

11:38:36.0779 1668 DXGKrnl - ok

11:38:36.0920 1668 EagleNT - ok

11:38:37.0450 1668 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

11:38:37.0575 1668 ebdrv - ok

11:38:37.0778 1668 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

11:38:37.0793 1668 elxstor - ok

11:38:37.0965 1668 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

11:38:37.0981 1668 ErrDev - ok

11:38:38.0137 1668 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

11:38:38.0152 1668 exfat - ok

11:38:38.0261 1668 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

11:38:38.0277 1668 fastfat - ok

11:38:38.0433 1668 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

11:38:38.0433 1668 fdc - ok

11:38:38.0589 1668 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

11:38:38.0605 1668 FileInfo - ok

11:38:38.0714 1668 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

11:38:38.0729 1668 Filetrace - ok

11:38:38.0854 1668 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

11:38:38.0854 1668 flpydisk - ok

11:38:38.0979 1668 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

11:38:38.0995 1668 FltMgr - ok

11:38:39.0151 1668 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

11:38:39.0151 1668 FsDepends - ok

11:38:39.0275 1668 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

11:38:39.0275 1668 Fs_Rec - ok

11:38:39.0431 1668 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

11:38:39.0447 1668 fvevol - ok

11:38:39.0603 1668 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:38:39.0603 1668 gagp30kx - ok

11:38:39.0837 1668 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

11:38:39.0837 1668 hcw85cir - ok

11:38:39.0993 1668 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

11:38:40.0009 1668 HdAudAddService - ok

11:38:40.0133 1668 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:38:40.0149 1668 HDAudBus - ok

11:38:40.0274 1668 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

11:38:40.0274 1668 HidBatt - ok

11:38:40.0399 1668 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

11:38:40.0414 1668 HidBth - ok

11:38:40.0523 1668 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

11:38:40.0523 1668 HidIr - ok

11:38:40.0679 1668 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

11:38:40.0695 1668 HidUsb - ok

11:38:40.0851 1668 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

11:38:40.0867 1668 HpSAMD - ok

11:38:41.0007 1668 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

11:38:41.0023 1668 HTTP - ok

11:38:41.0147 1668 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

11:38:41.0147 1668 hwpolicy - ok

11:38:41.0288 1668 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

11:38:41.0288 1668 i8042prt - ok

11:38:41.0491 1668 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys

11:38:41.0491 1668 iaStor - ok

11:38:41.0647 1668 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

11:38:41.0662 1668 iaStorV - ok

11:38:42.0037 1668 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

11:38:42.0208 1668 igfx - ok

11:38:42.0349 1668 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

11:38:42.0349 1668 iirsp - ok

11:38:42.0614 1668 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys

11:38:42.0879 1668 IntcAzAudAddService - ok

11:38:43.0019 1668 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

11:38:43.0019 1668 intelide - ok

11:38:43.0144 1668 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

11:38:43.0160 1668 intelppm - ok

11:38:43.0285 1668 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:38:43.0285 1668 IpFilterDriver - ok

11:38:43.0519 1668 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

11:38:43.0534 1668 IPMIDRV - ok

11:38:43.0659 1668 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

11:38:43.0659 1668 IPNAT - ok

11:38:43.0784 1668 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

11:38:43.0784 1668 IRENUM - ok

11:38:43.0893 1668 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

11:38:43.0893 1668 isapnp - ok

11:38:44.0018 1668 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

11:38:44.0033 1668 iScsiPrt - ok

11:38:44.0158 1668 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

11:38:44.0158 1668 kbdclass - ok

11:38:44.0299 1668 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

11:38:44.0299 1668 kbdhid - ok

11:38:44.0423 1668 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

11:38:44.0423 1668 KSecDD - ok

11:38:44.0564 1668 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

11:38:45.0141 1668 KSecPkg - ok

11:38:45.0359 1668 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\Windows\system32\DRIVERS\L1C62x86.sys

11:38:45.0359 1668 L1C - ok

11:38:45.0562 1668 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

11:38:45.0562 1668 lltdio - ok

11:38:45.0718 1668 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:38:45.0734 1668 LSI_FC - ok

11:38:45.0859 1668 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:38:45.0859 1668 LSI_SAS - ok

11:38:45.0999 1668 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:38:45.0999 1668 LSI_SAS2 - ok

11:38:46.0108 1668 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:38:46.0124 1668 LSI_SCSI - ok

11:38:46.0233 1668 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

11:38:46.0249 1668 luafv - ok

11:38:46.0467 1668 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

11:38:46.0483 1668 megasas - ok

11:38:46.0623 1668 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

11:38:46.0639 1668 MegaSR - ok

11:38:46.0795 1668 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys

11:38:46.0810 1668 mfeapfk - ok

11:38:46.0951 1668 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys

11:38:47.0231 1668 mfeavfk - ok

11:38:47.0372 1668 mfeavfk01 - ok

11:38:47.0543 1668 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys

11:38:47.0824 1668 mfebopk - ok

11:38:48.0011 1668 mfefirek (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys

11:38:48.0027 1668 mfefirek - ok

11:38:48.0167 1668 mfehidk (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys

11:38:48.0760 1668 mfehidk - ok

11:38:48.0901 1668 mfenlfk (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys

11:38:49.0150 1668 mfenlfk - ok

11:38:49.0400 1668 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys

11:38:49.0400 1668 mferkdet - ok

11:38:49.0634 1668 mfewfpk (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys

11:38:49.0899 1668 mfewfpk - ok

11:38:50.0102 1668 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

11:38:50.0102 1668 Modem - ok

11:38:50.0242 1668 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

11:38:50.0258 1668 monitor - ok

11:38:50.0367 1668 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

11:38:50.0367 1668 mouclass - ok

11:38:50.0492 1668 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

11:38:50.0492 1668 mouhid - ok

11:38:50.0632 1668 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

11:38:50.0632 1668 mountmgr - ok

11:38:50.0757 1668 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

11:38:50.0757 1668 mpio - ok

11:38:50.0866 1668 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

11:38:50.0882 1668 mpsdrv - ok

11:38:51.0007 1668 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

11:38:51.0022 1668 MRxDAV - ok

11:38:51.0178 1668 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:38:51.0178 1668 mrxsmb - ok

11:38:51.0319 1668 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:38:51.0865 1668 mrxsmb10 - ok

11:38:52.0083 1668 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:38:52.0083 1668 mrxsmb20 - ok

11:38:52.0239 1668 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

11:38:52.0239 1668 msahci - ok

11:38:52.0364 1668 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

11:38:52.0364 1668 msdsm - ok

11:38:52.0535 1668 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

11:38:52.0535 1668 Msfs - ok

11:38:52.0645 1668 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

11:38:52.0645 1668 mshidkmdf - ok

11:38:52.0754 1668 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

11:38:52.0769 1668 msisadrv - ok

11:38:52.0925 1668 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

11:38:52.0925 1668 MSKSSRV - ok

11:38:53.0050 1668 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

11:38:53.0066 1668 MSPCLOCK - ok

11:38:53.0175 1668 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

11:38:53.0175 1668 MSPQM - ok

11:38:53.0300 1668 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

11:38:53.0315 1668 MsRPC - ok

11:38:53.0440 1668 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

11:38:53.0456 1668 mssmbios - ok

11:38:53.0581 1668 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

11:38:53.0581 1668 MSTEE - ok

11:38:53.0705 1668 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

11:38:53.0705 1668 MTConfig - ok

11:38:53.0830 1668 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

11:38:53.0830 1668 Mup - ok

11:38:53.0955 1668 mwlPSDFilter (cb47c414e083ca6e50e634b148f28f64) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

11:38:53.0955 1668 mwlPSDFilter - ok

11:38:54.0080 1668 mwlPSDNServ (647b953019559bff07536f5c6121f333) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

11:38:54.0548 1668 mwlPSDNServ - ok

11:38:54.0688 1668 mwlPSDVDisk (5a236a36db8687d1e64dc81c03eaabe1) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

11:38:54.0688 1668 mwlPSDVDisk - ok

11:38:54.0844 1668 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

11:38:54.0860 1668 NativeWifiP - ok

11:38:54.0985 1668 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

11:38:55.0016 1668 NDIS - ok

11:38:55.0125 1668 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

11:38:55.0141 1668 NdisCap - ok

11:38:55.0250 1668 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

11:38:55.0265 1668 NdisTapi - ok

11:38:55.0406 1668 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

11:38:55.0421 1668 Ndisuio - ok

11:38:55.0546 1668 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

11:38:55.0562 1668 NdisWan - ok

11:38:55.0671 1668 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

11:38:55.0671 1668 NDProxy - ok

11:38:55.0827 1668 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

11:38:55.0827 1668 NetBIOS - ok

11:38:55.0983 1668 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

11:38:55.0983 1668 NetBT - ok

11:38:56.0217 1668 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

11:38:56.0233 1668 nfrd960 - ok

11:38:56.0404 1668 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

11:38:56.0404 1668 Npfs - ok

11:38:56.0529 1668 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

11:38:56.0545 1668 nsiproxy - ok

11:38:56.0732 1668 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

11:38:56.0747 1668 Ntfs - ok

11:38:56.0857 1668 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

11:38:56.0857 1668 Null - ok

11:38:56.0997 1668 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

11:38:57.0013 1668 nvraid - ok

11:38:57.0184 1668 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

11:38:57.0200 1668 nvstor - ok

11:38:57.0309 1668 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

11:38:57.0325 1668 nv_agp - ok

11:38:57.0481 1668 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

11:38:57.0481 1668 ohci1394 - ok

11:38:57.0730 1668 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

11:38:57.0730 1668 Parport - ok

11:38:57.0855 1668 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

11:38:57.0855 1668 partmgr - ok

11:38:57.0964 1668 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

11:38:57.0980 1668 Parvdm - ok

11:38:58.0105 1668 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

11:38:58.0120 1668 pci - ok

11:38:58.0261 1668 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

11:38:58.0261 1668 pciide - ok

11:38:58.0401 1668 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

11:38:58.0417 1668 pcmcia - ok

11:38:58.0541 1668 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

11:38:58.0541 1668 pcw - ok

11:38:58.0729 1668 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

11:38:58.0744 1668 PEAUTH - ok

11:38:58.0978 1668 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

11:38:58.0994 1668 PptpMiniport - ok

11:38:59.0119 1668 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

11:38:59.0134 1668 Processor - ok

11:38:59.0290 1668 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

11:38:59.0306 1668 Psched - ok

11:38:59.0493 1668 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

11:38:59.0524 1668 ql2300 - ok

11:38:59.0665 1668 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

11:38:59.0665 1668 ql40xx - ok

11:38:59.0805 1668 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

11:38:59.0805 1668 QWAVEdrv - ok

11:38:59.0930 1668 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

11:38:59.0930 1668 RasAcd - ok

11:39:00.0070 1668 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:39:00.0070 1668 RasAgileVpn - ok

11:39:00.0226 1668 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:39:00.0226 1668 Rasl2tp - ok

11:39:00.0367 1668 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

11:39:00.0382 1668 RasPppoe - ok

11:39:00.0507 1668 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

11:39:00.0523 1668 RasSstp - ok

11:39:00.0679 1668 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

11:39:00.0694 1668 rdbss - ok

11:39:00.0803 1668 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

11:39:00.0803 1668 rdpbus - ok

11:39:00.0928 1668 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:39:00.0928 1668 RDPCDD - ok

11:39:01.0069 1668 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

11:39:01.0084 1668 RDPENCDD - ok

11:39:01.0225 1668 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

11:39:01.0225 1668 RDPREFMP - ok

11:39:01.0349 1668 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

11:39:01.0365 1668 RDPWD - ok

11:39:01.0537 1668 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

11:39:01.0537 1668 rdyboost - ok

11:39:01.0786 1668 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

11:39:01.0802 1668 RFCOMM - ok

11:39:02.0005 1668 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

11:39:02.0020 1668 rspndr - ok

11:39:02.0176 1668 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\Windows\system32\Drivers\RtsUStor.sys

11:39:02.0176 1668 RSUSBSTOR - ok

11:39:02.0301 1668 RtsUIR - ok

11:39:02.0504 1668 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys

11:39:02.0504 1668 SbieDrv - ok

11:39:02.0660 1668 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

11:39:02.0676 1668 sbp2port - ok

11:39:02.0800 1668 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

11:39:02.0816 1668 scfilter - ok

11:39:02.0972 1668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

11:39:02.0972 1668 secdrv - ok

11:39:03.0128 1668 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

11:39:03.0128 1668 Serenum - ok

11:39:03.0253 1668 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

11:39:03.0253 1668 Serial - ok

11:39:03.0409 1668 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

11:39:03.0409 1668 sermouse - ok

11:39:03.0580 1668 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

11:39:03.0596 1668 sffdisk - ok

11:39:03.0721 1668 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

11:39:03.0721 1668 sffp_mmc - ok

11:39:03.0877 1668 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

11:39:04.0064 1668 sffp_sd - ok

11:39:04.0236 1668 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

11:39:04.0236 1668 sfloppy - ok

11:39:04.0423 1668 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

11:39:04.0438 1668 sisagp - ok

11:39:04.0548 1668 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:39:04.0548 1668 SiSRaid2 - ok

11:39:04.0672 1668 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

11:39:04.0688 1668 SiSRaid4 - ok

11:39:04.0813 1668 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

11:39:04.0828 1668 Smb - ok

11:39:04.0984 1668 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

11:39:04.0984 1668 spldr - ok

11:39:05.0187 1668 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

11:39:05.0187 1668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

11:39:05.0187 1668 sptd ( LockedFile.Multi.Generic ) - warning

11:39:05.0187 1668 sptd - detected LockedFile.Multi.Generic (1)

11:39:05.0343 1668 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

11:39:05.0359 1668 srv - ok

11:39:05.0577 1668 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

11:39:05.0796 1668 srv2 - ok

11:39:05.0967 1668 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

11:39:05.0983 1668 srvnet - ok

11:39:06.0170 1668 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

11:39:06.0170 1668 stexstor - ok

11:39:06.0310 1668 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

11:39:06.0326 1668 swenum - ok

11:39:06.0498 1668 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys

11:39:06.0513 1668 SynTP - ok

11:39:06.0763 1668 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

11:39:07.0012 1668 Tcpip - ok

11:39:07.0184 1668 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

11:39:07.0434 1668 TCPIP6 - ok

11:39:07.0558 1668 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

11:39:07.0574 1668 tcpipreg - ok

11:39:07.0699 1668 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

11:39:07.0714 1668 TDPIPE - ok

11:39:07.0824 1668 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

11:39:07.0839 1668 TDTCP - ok

11:39:07.0995 1668 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

11:39:07.0995 1668 tdx - ok

11:39:08.0151 1668 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

11:39:08.0151 1668 TermDD - ok

11:39:08.0370 1668 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:39:08.0385 1668 tssecsrv - ok

11:39:08.0526 1668 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

11:39:08.0526 1668 tunnel - ok

11:39:08.0650 1668 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

11:39:08.0666 1668 uagp35 - ok

11:39:08.0791 1668 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

11:39:08.0806 1668 udfs - ok

11:39:08.0978 1668 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

11:39:08.0978 1668 uliagpkx - ok

11:39:09.0118 1668 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

11:39:09.0134 1668 umbus - ok

11:39:09.0243 1668 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

11:39:09.0259 1668 UmPass - ok

11:39:09.0430 1668 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

11:39:09.0430 1668 usbccgp - ok

11:39:09.0555 1668 USBCCID - ok

11:39:09.0680 1668 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

11:39:09.0696 1668 usbcir - ok

11:39:09.0836 1668 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

11:39:09.0852 1668 usbehci - ok

11:39:09.0992 1668 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

11:39:10.0398 1668 usbhub - ok

11:39:10.0554 1668 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

11:39:10.0554 1668 usbohci - ok

11:39:10.0694 1668 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

11:39:10.0710 1668 usbprint - ok

11:39:10.0850 1668 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

11:39:10.0866 1668 usbscan - ok

11:39:11.0006 1668 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:39:11.0022 1668 USBSTOR - ok

11:39:11.0162 1668 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

11:39:11.0162 1668 usbuhci - ok

11:39:11.0318 1668 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys

11:39:11.0318 1668 usbvideo - ok

11:39:11.0505 1668 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

11:39:11.0521 1668 vdrvroot - ok

11:39:11.0661 1668 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

11:39:11.0677 1668 vga - ok

11:39:11.0802 1668 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

11:39:11.0802 1668 VgaSave - ok

11:39:11.0942 1668 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

11:39:11.0942 1668 vhdmp - ok

11:39:12.0082 1668 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

11:39:12.0082 1668 viaagp - ok

11:39:12.0207 1668 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

11:39:12.0223 1668 ViaC7 - ok

11:39:12.0348 1668 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

11:39:12.0348 1668 viaide - ok

11:39:12.0457 1668 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

11:39:12.0472 1668 volmgr - ok

11:39:12.0597 1668 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

11:39:12.0613 1668 volmgrx - ok

11:39:12.0738 1668 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

11:39:12.0753 1668 volsnap - ok

11:39:12.0878 1668 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

11:39:12.0878 1668 vsmraid - ok

11:39:13.0034 1668 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

11:39:13.0034 1668 vwifibus - ok

11:39:13.0190 1668 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

11:39:13.0206 1668 vwififlt - ok

11:39:13.0362 1668 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

11:39:13.0362 1668 WacomPen - ok

11:39:13.0502 1668 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

11:39:13.0518 1668 WANARP - ok

11:39:13.0533 1668 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

11:39:13.0549 1668 Wanarpv6 - ok

11:39:13.0736 1668 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

11:39:13.0752 1668 Wd - ok

11:39:13.0923 1668 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

11:39:13.0939 1668 Wdf01000 - ok

11:39:14.0157 1668 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

11:39:14.0157 1668 WfpLwf - ok

11:39:14.0282 1668 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

11:39:14.0298 1668 WIMMount - ok

11:39:14.0547 1668 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

11:39:14.0547 1668 WmiAcpi - ok

11:39:14.0766 1668 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

11:39:14.0766 1668 ws2ifsl - ok

11:39:14.0937 1668 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

11:39:14.0937 1668 WSDPrintDevice - ok

11:39:15.0124 1668 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

11:39:15.0124 1668 WudfPf - ok

11:39:15.0280 1668 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:39:15.0280 1668 WUDFRd - ok

11:39:15.0421 1668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:39:15.0436 1668 \Device\Harddisk0\DR0 - ok

11:39:15.0452 1668 Boot (0x1200) (7aedc91a9419126f40c4b7d2ef5891ed) \Device\Harddisk0\DR0\Partition0

11:39:15.0452 1668 \Device\Harddisk0\DR0\Partition0 - ok

11:39:15.0483 1668 Boot (0x1200) (f20e601eb41051bd5fda3bb33049e93b) \Device\Harddisk0\DR0\Partition1

11:39:15.0483 1668 \Device\Harddisk0\DR0\Partition1 - ok

11:39:15.0483 1668 ============================================================

11:39:15.0483 1668 Scan finished

11:39:15.0483 1668 ============================================================

11:39:15.0514 5248 Detected object count: 1

11:39:15.0514 5248 Actual detected object count: 1

11:39:23.0970 5248 sptd ( LockedFile.Multi.Generic ) - skipped by user

11:39:23.0970 5248 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Hi

No further action is needed on the TDSSKiller scan results.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


ComboFix 11-12-10.01 - Robert 12/10/2011 18:44:06.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.532 [GMT -6:00]

Running from: c:\users\Robert.ROBERTRON\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB22385$

c:\windows\$NtUninstallKB22385$\1573020010

c:\windows\$NtUninstallKB22385$\785283519\@

c:\windows\$NtUninstallKB22385$\785283519\bckfg.tmp

c:\windows\$NtUninstallKB22385$\785283519\cfg.ini

c:\windows\$NtUninstallKB22385$\785283519\Desktop.ini

c:\windows\$NtUninstallKB22385$\785283519\keywords

c:\windows\$NtUninstallKB22385$\785283519\kwrd.dll

c:\windows\$NtUninstallKB22385$\785283519\L\xadqgnnk

c:\windows\$NtUninstallKB22385$\785283519\lsflt7.ver

c:\windows\$NtUninstallKB22385$\785283519\U\00000001.@

c:\windows\$NtUninstallKB22385$\785283519\U\00000002.@

c:\windows\$NtUninstallKB22385$\785283519\U\00000004.@

c:\windows\$NtUninstallKB22385$\785283519\U\80000000.@

c:\windows\$NtUninstallKB22385$\785283519\U\80000004.@

c:\windows\$NtUninstallKB22385$\785283519\U\80000032.@

.

.

((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))

.

.

2011-12-11 01:28 . 2011-12-11 01:28 -------- d-----w- c:\users\Writing\AppData\Local\temp

2011-12-11 01:28 . 2011-12-11 03:21 -------- d-----w- c:\users\Robert.ROBERTRON\AppData\Local\temp

2011-12-11 01:28 . 2011-12-11 01:28 -------- d-----w- c:\users\Robert\AppData\Local\temp

2011-12-11 01:28 . 2011-12-11 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-11 00:17 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-12-09 20:23 . 2011-12-09 20:23 -------- d-----w- c:\program files\ESET

2011-12-08 18:02 . 2011-12-08 18:02 -------- d-----r- C:\Sandbox

2011-12-08 17:59 . 2011-12-08 17:59 -------- d-----w- c:\program files\Sandboxie

2011-12-03 02:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 01:05 . 2011-11-28 01:05 0 ---ha-w- c:\users\Robert.ROBERTRON\AppData\Local\BIT91C4.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 14:00 . 2011-06-30 17:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 20:32 . 2011-09-14 22:24 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16 . 2011-09-14 22:24 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16 . 2011-09-14 22:24 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16 . 2011-09-14 22:24 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16 . 2011-09-14 22:24 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16 . 2011-09-14 22:24 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16 . 2011-09-14 22:24 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16 . 2011-09-14 22:24 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16 . 2011-09-14 22:24 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16 . 2011-09-14 22:24 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16 . 2011-09-14 22:24 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-13 14:32 . 2011-10-13 14:32 0 ---ha-w- c:\users\Robert.ROBERTRON\AppData\Local\BIT9461.tmp

2011-10-13 14:07 . 2011-10-13 14:07 0 ---ha-w- c:\users\Writing\AppData\Local\BITA752.tmp

2011-10-01 02:59 . 2011-10-15 01:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-29 15:43 . 2011-11-10 14:14 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:20 . 2011-11-10 14:14 2339840 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 14:07 . 2011-10-01 17:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2011-09-14 22:24 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-18 39408]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-02 1130504]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]

"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

.

c:\users\Robert.ROBERTRON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-18 708608]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-08-18 07:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 135664]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 691696]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 727584]

S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-18 150856]

S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-11 c:\windows\Tasks\Acer Registration Reminder.job

- c:\program files\Acer\Registration\GREG.exe [2009-07-31 06:55]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:26]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Robert.ROBERTRON\AppData\Roaming\Mozilla\Firefox\Profiles\isyy18f7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2964)

c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Sandboxie\SbieSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\McAfee\SystemCore\mfefire.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\progra~1\mcafee\msc\mcupdmgr.exe

c:\windows\system32\taskhost.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Completion time: 2011-12-10 21:30:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-11 03:30

.

Pre-Run: 65,180,618,752 bytes free

Post-Run: 71,663,845,376 bytes free

.

- - End Of File - - 85B1CDF4B4B7A9E959A20911C88C73D9


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by Robert at 11:52:43 on 2011-12-11

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.361 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files\Acer\Registration\GregHSRW.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111114195646.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\14344434658444C425 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\2456C6B696E6E233644343 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\4616679646130313 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\75962756C6563737 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\E4544574541425 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\robert.robertron\appdata\roaming\mozilla\firefox\profiles\isyy18f7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

.

============= SERVICES / DRIVERS ===============

.

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-9-14 57600]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-13 29472]

.

=============== Created Last 30 ================

.

2011-12-11 03:21:38 -------- d-----w- C:\$RECYCLE.BIN

2011-12-11 01:28:38 -------- d-----w- c:\users\robert.robertron\appdata\local\temp

2011-12-11 00:17:05 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-12-10 23:09:31 98816 ----a-w- c:\windows\sed.exe

2011-12-10 23:09:31 518144 ----a-w- c:\windows\SWREG.exe

2011-12-10 23:09:31 256000 ----a-w- c:\windows\PEV.exe

2011-12-10 23:09:31 208896 ----a-w- c:\windows\MBR.exe

2011-12-10 23:09:03 -------- d-----w- C:\ComboFix

2011-12-09 20:23:18 -------- d-----w- c:\program files\ESET

2011-12-08 18:02:51 -------- d-----r- C:\Sandbox

2011-12-08 17:59:11 -------- d-----w- c:\program files\Sandboxie

2011-12-03 02:55:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 01:05:45 0 ---ha-w- c:\users\robert.robertron\appdata\local\BIT91C4.tmp

.

==================== Find3M ====================

.

2011-11-10 14:00:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-29 15:43:37 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:20:25 2339840 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 11:56:46.49 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 5/18/2010 4:54:23 AM

System Uptime: 12/10/2011 7:30:27 PM (16 hours ago)

.

Motherboard: Acer | | Aspire one

Processor: Intel® Atom CPU N280 @ 1.66GHz | CPU | 1333/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 66.691 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP404: 11/22/2011 3:00:15 AM - Windows Update

RP405: 11/23/2011 3:00:15 AM - Windows Update

RP406: 11/27/2011 10:47:18 AM - Windows Update

RP407: 11/28/2011 8:35:50 AM - Windows Update

RP408: 11/30/2011 12:57:08 PM - Windows Update

RP409: 12/1/2011 3:00:22 AM - Windows Update

RP410: 12/2/2011 3:00:10 AM - Windows Update

RP411: 12/3/2011 3:00:18 AM - Windows Update

RP412: 12/4/2011 3:00:23 AM - Windows Update

RP413: 12/5/2011 7:41:46 AM - Windows Update

RP414: 12/6/2011 3:00:21 AM - Windows Update

RP415: 12/7/2011 10:11:45 AM - Windows Update

RP416: 12/8/2011 11:43:33 AM - Windows Update

RP417: 12/9/2011 3:00:16 AM - Windows Update

RP418: 12/10/2011 3:00:15 AM - Windows Update

RP419: 12/11/2011 3:00:17 AM - Windows Update

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 4.65

Acer Assist

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

ActiveState Komodo Edit 6.1.2

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.3

Age of Empires III

Age of Empires III - The Asian Dynasties

Age of Empires III - The WarChiefs

Apple Application Support

Apple Software Update

Aspell English Dictionary-0.50-2

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Battle for Wesnoth 1.8.6

Blender (remove only)

Choice Guard

Compatibility Pack for the 2007 Office system

D3DX10

Debut Video Capture Software

eBay Worldwide

ESET Online Scanner v3

eSobi v2

Fallout

Fallout Tactics

Fallout2

FBIde 0.4.6

FileZilla Client 3.5.0

FreeBASIC 0.21.1

GIMP 2.6.9

GNU Aspell 0.50-3

Google Toolbar for Internet Explorer

Google Update Helper

Icewind Dale II

Identity Card

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

JADE (Java-based Ancient Domains Engine)

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Launch Manager

LEGO Digital Designer

Lords of Magic Special Edition

Majesty: Gold Edition

Malwarebytes' Anti-Malware

MapleStory

McAfee Internet Security Suite

Media Go

Media Go Video Playback Engine 1.64.104.02270

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting

Microsoft GIF Animator

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XNA Framework Redistributable 4.0

Morrowind

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Neverwinter Nights

Norton Online Backup

Notepad++

OpenOffice.org 3.2

Paint.NET v3.5.10

Pivot Stickfigure Animator

PlayStation®Network Downloader

PlayStation®Store

Pokemon World Online version 1.8

PokerTH

Port Royale 2

Python 2.6 pygame-1.9.1

Python 2.7.2

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Red Alert Windows 95

RPGToolkit, Version 3.1.0

Sandboxie 3.62 (32-bit)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Sid Meier's Alpha Centauri

Sid Meier's Alpha Centauri 2000/XP Compatibility Update

Sid Meier's Civilization III: Complete

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars Jedi Knight: Jedi Academy

Steam

Stronghold Crusader Extreme

Synaptics Pointing Device Driver

System Requirements Lab

System Requirements Lab CYRI

Terrafirma

Terraria

TES Construction Set

Unity Web Player (All users)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Script Editor Help (KB963671)

VideoPad Video Editor

VLC media player 1.1.0

Welcome Center

Wesnoth 1.0.2

WIDCOMM Bluetooth Software

WikidPad 1.9

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (32-bit)

Xvid Video Codec

Yahoo! Messenger

.

==== End Of File ===========================


Hi again,

Open Notepad and copy/paste the text in the quotebox below into it:

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

[image: CFScriptB-4.gif]

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).

Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 1.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Are there still some issues present?

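The `BHO: {5C255C8A-...} - No File` line that the CFScript above removes is DDS's way of saying the Browser Helper Object is registered but its CLSID no longer resolves to a DLL on disk. The following PowerShell script is an added example, not code from this thread, from DDS or from ComboFix: it reproduces that check (and the matching check for the uRun/mRun startup values) so the same orphans can be listed without a full log. The function names are my own, and it assumes an elevated PowerShell on the affected Windows machine; it is read-only and changes nothing.

```powershell
# Added example, not from the thread, DDS or ComboFix: list BHOs and Run-key entries whose
# target file is missing, which is the condition DDS reports as "No File".
# Run elevated on the affected machine. Read-only: it only reads the registry and Test-Path.

function Resolve-ImagePath {
    # Turn a registry command line ("path" args, %VAR%\path, path /switch) into the file it launches.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    $v = [Environment]::ExpandEnvironmentVariables($Value.Trim())
    if ($v.StartsWith('"')) {
        $end = $v.IndexOf('"', 1)
        if ($end -gt 0) { return $v.Substring(1, $end - 1) } else { return $v.Trim('"') }
    }
    # Unquoted: drop trailing arguments one space at a time until the remaining prefix exists.
    $candidate = $v
    while ($candidate.Contains(' ') -and -not (Test-Path -LiteralPath $candidate)) {
        $candidate = $candidate.Substring(0, $candidate.LastIndexOf(' '))
    }
    if (Test-Path -LiteralPath $candidate) { return $candidate } else { return $v }
}

function Get-BhoStatus {
    # Mirrors the "BHO:" lines of a DDS log: each subkey is a CLSID, resolved via CLSID\...\InprocServer32.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
             'HKCU:\SOFTWARE\Classes\CLSID'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }   # Wow6432Node does not exist on 32-bit Windows
        foreach ($sub in Get-ChildItem $key) {
            $clsid = $sub.PSChildName
            $server = $null; $name = $null
            foreach ($root in $roots) {
                $inproc = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path $inproc) {
                    $server = (Get-ItemProperty $inproc).'(default)'
                    $name   = (Get-ItemProperty (Join-Path $root $clsid)).'(default)'
                    break
                }
            }
            $file = Resolve-ImagePath $server
            $status = if (-not $file) { 'No File (no InprocServer32 for CLSID)' }
                      elseif (Test-Path -LiteralPath $file) { 'OK' } else { 'No File' }
            New-Object PSObject -Property @{ Kind = 'BHO'; Name = $name; Id = $clsid; File = $file; Status = $status }
        }
    }
}

function Get-RunStatus {
    # Mirrors the "uRun:" (per-user) and "mRun:" (machine) lines: each value is a command line.
    $keys = @{
        mRun = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
        uRun = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    }
    $psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($kind in $keys.Keys) {
        $key = $keys[$kind]
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }   # provider metadata, not registry values
            $file = Resolve-ImagePath ([string]$p.Value)
            $status = if ($file -and (Test-Path -LiteralPath $file)) { 'OK' } else { 'No File' }
            New-Object PSObject -Property @{ Kind = $kind; Name = $p.Name; Id = ''; File = $file; Status = $status }
        }
    }
}

# Show only the entries DDS would mark "No File"; drop the Where-Object to see everything.
$findings = @(Get-BhoStatus) + @(Get-RunStatus)
$findings | Where-Object { $_.Status -ne 'OK' } | Format-Table Kind, Name, Id, File, Status -AutoSize
```

Two caveats when reading the output: a registered BHO or Run value whose file is gone is stale registration (an uninstaller that left its key behind is the usual cause), not by itself evidence of infection, so it is cleanup rather than a finding; and a Run value that is a bare executable name found through PATH, or an unquoted command whose arguments contain spaces, will also be flagged because the script does not search PATH, so check those by hand before deleting anything.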

There don't seem to be any more issues, and my computer seems to be running a lot better now. Also, I got an error after stage 3 and I think 5. It said pev.exe stopped working both times. I'll update the stuff you indicated and post another DDS log in a bit.

ComboFix 11-12-11.02 - Robert 12/11/2011 16:18:24.2.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.348 [GMT -6:00]

Running from: c:\users\Robert.ROBERTRON\Desktop\ComboFix.exe

Command switches used :: c:\users\Robert.ROBERTRON\Desktop\cfscript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

/wow section - STAGE 48

grep: temp2401: No such file or directory

R6025

- pure virtual function call

.

/wow section - STAGE 50

.

.

((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))

.

.

2011-12-12 00:11 . 2011-12-12 00:11 -------- d-----w- c:\users\Writing\AppData\Local\temp

2011-12-12 00:11 . 2011-12-12 00:11 -------- d-----w- c:\users\Robert\AppData\Local\temp

2011-12-12 00:11 . 2011-12-12 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-11 01:28 . 2011-12-12 00:11 -------- d-----w- c:\users\Robert.ROBERTRON\AppData\Local\temp

2011-12-11 00:17 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-12-09 20:23 . 2011-12-09 20:23 -------- d-----w- c:\program files\ESET

2011-12-08 18:02 . 2011-12-08 18:02 -------- d-----r- C:\Sandbox

2011-12-08 17:59 . 2011-12-08 17:59 -------- d-----w- c:\program files\Sandboxie

2011-12-03 02:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 01:05 . 2011-11-28 01:05 0 ---ha-w- c:\users\Robert.ROBERTRON\AppData\Local\BIT91C4.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 14:00 . 2011-06-30 17:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-18 20:32 . 2011-09-14 22:24 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16 . 2011-09-14 22:24 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16 . 2011-09-14 22:24 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16 . 2011-09-14 22:24 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16 . 2011-09-14 22:24 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16 . 2011-09-14 22:24 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16 . 2011-09-14 22:24 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16 . 2011-09-14 22:24 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16 . 2011-09-14 22:24 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16 . 2011-09-14 22:24 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16 . 2011-09-14 22:24 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-13 14:32 . 2011-10-13 14:32 0 ---ha-w- c:\users\Robert.ROBERTRON\AppData\Local\BIT9461.tmp

2011-10-13 14:07 . 2011-10-13 14:07 0 ---ha-w- c:\users\Writing\AppData\Local\BITA752.tmp

2011-10-01 02:59 . 2011-10-15 01:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-29 15:43 . 2011-11-10 14:14 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:20 . 2011-11-10 14:14 2339840 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 14:07 . 2011-10-01 17:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 19:01 . 2011-09-14 22:24 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-18 39408]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 442640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-02 1130504]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104]

"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]

"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]

"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1318552]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

.

c:\users\Robert.ROBERTRON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-18 708608]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-08-18 07:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 135664]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-15 87656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 691696]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 727584]

S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 214904]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-18 150856]

S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-12 c:\windows\Tasks\Acer Registration Reminder.job

- c:\program files\Acer\Registration\GREG.exe [2009-07-31 06:55]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:26]

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Robert.ROBERTRON\AppData\Roaming\Mozilla\Firefox\Profiles\isyy18f7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2416)

c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll

c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll

.

Completion time: 2011-12-11 18:18:11

ComboFix-quarantined-files.txt 2011-12-12 00:18

ComboFix2.txt 2011-12-11 03:30

.

Pre-Run: 71,589,793,792 bytes free

Post-Run: 71,575,449,600 bytes free

.

- - End Of File - - 5015BD4409E6901B45BA2F9ADBE20593


C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfderamp.exe probably a variant of Win32/Agent.BALMYQZ trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfflows.exe probably a variant of Win32/Agent.DPFFBBO trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfpause.exe probably a variant of Win32/Agent.FOKESCJ trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dftubefill.exe probably a variant of Win32/Agent.ICWSIRW trojan

C:\Documents and Settings\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfvdig.exe probably a variant of Win32/Agent.CGELMFL trojan

C:\Documents and Settings\Writing\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfderamp.exe probably a variant of Win32/Agent.BALMYQZ trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfflows.exe probably a variant of Win32/Agent.DPFFBBO trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfpause.exe probably a variant of Win32/Agent.FOKESCJ trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dftubefill.exe probably a variant of Win32/Agent.ICWSIRW trojan

C:\Users\Robert.ROBERTRON\Desktop\game stuff\df3125\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfvdig.exe probably a variant of Win32/Agent.CGELMFL trojan

C:\Users\Writing\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.1.0

Run by Robert at 8:23:08 on 2011-12-12

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1014.205 [GMT -6:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files\Acer\Registration\GregHSRW.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=27b505103335l0384wwh5w57323493

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111114195646.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe

mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"

mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\robert~1.rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\14344434658444C425 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\2456C6B696E6E233644343 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\4616679646130313 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\75962756C6563737 : DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{4AAAF9CD-6428-41B9-8519-9006564C338E}\E4544574541425 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\robert.robertron\appdata\roaming\mozilla\firefox\profiles\isyy18f7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-9-14 464176]

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-9-14 64880]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-9-14 165680]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-8-18 727584]

R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-6-4 1150496]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-9-14 57600]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-8-18 51712]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-14 180816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-9-14 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-9-14 338176]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 131856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-5 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-9-13 29472]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-5 135664]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-9-14 87656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-18 167424]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

.

=============== Created Last 30 ================

.

2011-12-12 00:16:25 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-11 22:15:05 -------- d-----w- C:\ComboFix

2011-12-11 01:28:38 -------- d-----w- c:\users\robert.robertron\appdata\local\temp

2011-12-11 00:17:05 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-12-10 23:09:31 98816 ----a-w- c:\windows\sed.exe

2011-12-10 23:09:31 518144 ----a-w- c:\windows\SWREG.exe

2011-12-10 23:09:31 256000 ----a-w- c:\windows\PEV.exe

2011-12-10 23:09:31 208896 ----a-w- c:\windows\MBR.exe

2011-12-09 20:23:18 -------- d-----w- c:\program files\ESET

2011-12-08 18:02:51 -------- d-----r- C:\Sandbox

2011-12-08 17:59:11 -------- d-----w- c:\program files\Sandboxie

2011-12-03 02:55:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-28 01:05:45 0 ---ha-w- c:\users\robert.robertron\appdata\local\BIT91C4.tmp

.

==================== Find3M ====================

.

2011-12-12 14:15:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-12 02:47:15 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-18 20:32:30 150856 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-15 19:16:16 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 19:16:16 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-15 19:16:16 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 19:16:16 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-10-15 19:16:16 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 19:16:16 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 19:16:16 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 19:16:16 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 19:16:16 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 19:16:16 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-29 15:43:37 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:20:25 2339840 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 8:26:17.45 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume2

Install Date: 5/18/2010 4:54:23 AM

System Uptime: 12/10/2011 7:30:27 PM (37 hours ago)

.

Motherboard: Acer | | Aspire one

Processor: Intel® Atom CPU N280 @ 1.66GHz | CPU | 799/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 66.921 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP409: 12/1/2011 3:00:22 AM - Windows Update

RP410: 12/2/2011 3:00:10 AM - Windows Update

RP411: 12/3/2011 3:00:18 AM - Windows Update

RP412: 12/4/2011 3:00:23 AM - Windows Update

RP413: 12/5/2011 7:41:46 AM - Windows Update

RP414: 12/6/2011 3:00:21 AM - Windows Update

RP415: 12/7/2011 10:11:45 AM - Windows Update

RP416: 12/8/2011 11:43:33 AM - Windows Update

RP417: 12/9/2011 3:00:16 AM - Windows Update

RP418: 12/10/2011 3:00:15 AM - Windows Update

RP419: 12/11/2011 3:00:17 AM - Windows Update

RP420: 12/11/2011 8:43:08 PM - Removed Java 6 Update 26

RP421: 12/11/2011 8:46:46 PM - Installed Java 7 Update 1

RP422: 12/12/2011 3:00:15 AM - Windows Update

RP423: 12/12/2011 7:56:05 AM - Removed Adobe Reader 9.4.3.

RP424: 12/12/2011 8:06:29 AM - Installed Adobe Reader X (10.1.0).

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 4.65

Acer Assist

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Acer VCM

Acrobat.com

ActiveState Komodo Edit 6.1.2

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Age of Empires III

Age of Empires III - The Asian Dynasties

Age of Empires III - The WarChiefs

Apple Application Support

Apple Software Update

Aspell English Dictionary-0.50-2

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Battle for Wesnoth 1.8.6

Blender (remove only)

Choice Guard

Compatibility Pack for the 2007 Office system

D3DX10

Debut Video Capture Software

eBay Worldwide

ESET Online Scanner v3

eSobi v2

Fallout

Fallout Tactics

Fallout2

FBIde 0.4.6

FileZilla Client 3.5.0

FreeBASIC 0.21.1

GIMP 2.6.9

GNU Aspell 0.50-3

Google Toolbar for Internet Explorer

Google Update Helper

Icewind Dale II

Identity Card

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

JADE (Java-based Ancient Domains Engine)

Java Auto Updater

Java 7 Update 1

Junk Mail filter update

Launch Manager

LEGO Digital Designer

Lords of Magic Special Edition

Majesty: Gold Edition

Malwarebytes' Anti-Malware

MapleStory

McAfee Internet Security Suite

Media Go

Media Go Video Playback Engine 1.64.104.02270

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting

Microsoft GIF Animator

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XNA Framework Redistributable 4.0

Morrowind

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

Neverwinter Nights

Norton Online Backup

Notepad++

OpenOffice.org 3.2

Paint.NET v3.5.10

Pivot Stickfigure Animator

PlayStation®Network Downloader

PlayStation®Store

Pokemon World Online version 1.8

PokerTH

Port Royale 2

Python 2.6 pygame-1.9.1

Python 2.7.2

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Red Alert Windows 95

RPGToolkit, Version 3.1.0

Sandboxie 3.62 (32-bit)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Sid Meier's Alpha Centauri

Sid Meier's Alpha Centauri 2000/XP Compatibility Update

Sid Meier's Civilization III: Complete

Star Wars Empire at War

Star Wars Empire at War Forces of Corruption

Star Wars Jedi Knight: Jedi Academy

Steam

Stronghold Crusader Extreme

Synaptics Pointing Device Driver

System Requirements Lab

System Requirements Lab CYRI

Terrafirma

Terraria

TES Construction Set

Unity Web Player (All users)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Script Editor Help (KB963671)

VideoPad Video Editor

VLC media player 1.1.0

Welcome Center

Wesnoth 1.0.2

WIDCOMM Bluetooth Software

WikidPad 1.9

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.01 (32-bit)

Xvid Video Codec

Yahoo! Messenger

.

==== End Of File ===========================


Hi,

Delete those ESET findings.

Any symptoms left? If not let's see the final steps.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.

2. Hover over the Computer option, right click on it and then click Properties.

3. On the left hand side, click Advanced Settings.

4. If asked to permit the action, click on Allow.

5. Click on the System Protection tab.

6. Select c: drive and click Configure...

7. Select Turn off protection

8. Press OK.

Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.

Follow the steps like you did when disabling System Restore, but on step 7 select the Restore system settings and previous versions of files option.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now copy-paste Combofix /uninstall into the run box and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab

Click once on the Internet icon so it becomes highlighted.

Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alerted to vulnerable components in future too.

Just a final reminder for you. I am trying to stress these two points.

UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.

Make sure all of your security programs are up to date.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,

Blade :)

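The six Internet Explorer zone settings in the post above are changed by hand in the Custom Level dialog; the script below is an added example (not part of Blade's reply or any Malwarebytes tool) that audits the same six settings in the current user's registry and reports any that are weaker than recommended, with an -Apply switch to enforce them. It assumes a per-user IE configuration under HKCU and uses the documented Internet Settings zone value names (0 = Enable, 1 = Prompt, 3 = Disable; zone 3 is the Internet zone).

```powershell
# Added example: audit (and optionally enforce) the Internet-zone hardening
# steps from the post. Assumes per-user IE settings under HKCU.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# GUI setting name -> (zone registry value name, recommended value).
# 0 = Enable, 1 = Prompt, 3 = Disable.
$Recommended = [ordered]@{
    'Download signed ActiveX controls'                          = @{ Name = '1001'; Value = 1 }  # Prompt
    'Download unsigned ActiveX controls'                        = @{ Name = '1004'; Value = 3 }  # Disable
    'Initialize and script ActiveX controls not marked as safe' = @{ Name = '1201'; Value = 3 }  # Disable
    'Installation of desktop items'                             = @{ Name = '1800'; Value = 1 }  # Prompt
    'Launching programs and files in an IFRAME'                 = @{ Name = '1804'; Value = 1 }  # Prompt
    'Navigate sub-frames across different domains'              = @{ Name = '1607'; Value = 1 }  # Prompt
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEInternetZone {
    param([switch]$Apply)

    if (-not (Test-Path $ZonePath)) {
        throw "Zone key not found: $ZonePath (is Internet Explorer set up for this user?)"
    }
    $key = Get-ItemProperty -Path $ZonePath

    foreach ($entry in $Recommended.GetEnumerator()) {
        $name = $entry.Value.Name
        $want = $entry.Value.Value
        $have = $key.$name   # $null when the value is absent; IE then uses its zone default

        $haveLabel = if ($null -eq $have) { 'not set' }
                     elseif ($Labels.ContainsKey([int]$have)) { $Labels[[int]$have] }
                     else { "raw=$have" }
        $status = if ($have -eq $want) { 'OK' } else { 'WEAK' }

        '{0,-4} {1,-58} current={2,-8} recommended={3}' -f $status, $entry.Key, $haveLabel, $Labels[$want]

        if ($Apply -and $status -eq 'WEAK') {
            # DWord matches how the Custom Level dialog stores these values.
            Set-ItemProperty -Path $ZonePath -Name $name -Value $want -Type DWord
        }
    }
}

# Report only; run "Test-IEInternetZone -Apply" to enforce the recommended values.
Test-IEInternetZone
```

If the machine is domain-joined or Group Policy has locked the zones to HKLM, the policy values override what this script writes, so re-run the report after a policy refresh to confirm the effective setting.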

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

