
Folks,

Foremost, I appreciate all of your assistance. You folks are steely-eyed missile men.

My computer has not been behaving properly for 10 days now. I run McAfee and have done a complete scan with no infections found. I ran MalwareBytes, also with no problems. However, my bandwidth seems to be compromised as any upload/download to my server seems sluggish. My hard disk light is constantly running, sometimes continuously and sometimes intermittently but always lit.

Attached are the DDS and Attach files produced by DDS. Any help will be greatly appreciated.

Regards,

Steve


Welcome to the forum.

Please update and run a quick scan with MBAM and post back the log.

MrC

MrC,

Thank you for taking the time to respond. Below is the output and attached is the MBAM scan.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8356

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/12/2011 2:03:13 PM

mbam-log-2011-12-12 (14-03-13).txt

Scan type: Quick scan

Objects scanned: 189743

Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

protection-log-2011-12-12.txt


Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC

Here you go:

Farbar Service Scanner

Ran by Steven (administrator) on 12-12-2011 at 15:24:13

Microsoft Windows 7 Home Premium (X64)

********************************************************

Service Check:

==============

File Check:

===========

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

Connection Status:

==================

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

**** End of log ****


Please download and run TDSSKiller as outlined in the post below:

http://forums.malwarebytes.org/index.php?showtopic=100665&view=findpost&p=499595

Post back the log.

MrC

Here is the log:

15:48:28.0931 4876 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

15:48:30.0933 4876 ============================================================

15:48:30.0934 4876 Current date / time: 2011/12/12 15:48:30.0933

15:48:30.0934 4876 SystemInfo:

15:48:30.0934 4876

15:48:30.0934 4876 OS Version: 6.1.7600 ServicePack: 0.0

15:48:30.0934 4876 Product type: Workstation

15:48:30.0934 4876 ComputerName: STEVEN-PC

15:48:30.0934 4876 UserName: Steven

15:48:30.0934 4876 Windows directory: C:\Windows

15:48:30.0934 4876 System windows directory: C:\Windows

15:48:30.0934 4876 Running under WOW64

15:48:30.0934 4876 Processor architecture: Intel x64

15:48:30.0934 4876 Number of processors: 4

15:48:30.0934 4876 Page size: 0x1000

15:48:30.0934 4876 Boot type: Normal boot

15:48:30.0934 4876 ============================================================

15:48:31.0523 4876 Initialize success

15:49:02.0840 1668 ============================================================

15:49:02.0840 1668 Scan started

15:49:02.0840 1668 Mode: Manual; SigCheck; TDLFS;

15:49:02.0840 1668 ============================================================


15:49:28.0452 1668 tssecsrv - ok

15:49:28.0496 1668 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

15:49:28.0631 1668 tunnel - ok

15:49:28.0662 1668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:49:28.0675 1668 uagp35 - ok

15:49:28.0717 1668 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

15:49:28.0774 1668 udfs - ok

15:49:28.0814 1668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

15:49:28.0828 1668 uliagpkx - ok

15:49:28.0861 1668 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

15:49:28.0914 1668 umbus - ok

15:49:28.0944 1668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:49:28.0989 1668 UmPass - ok

15:49:29.0058 1668 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

15:49:29.0141 1668 USBAAPL64 - ok

15:49:29.0182 1668 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

15:49:29.0274 1668 usbccgp - ok

15:49:29.0325 1668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

15:49:29.0386 1668 usbcir - ok

15:49:29.0409 1668 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys

15:49:29.0484 1668 usbehci - ok

15:49:29.0526 1668 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys

15:49:29.0592 1668 usbhub - ok

15:49:29.0618 1668 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

15:49:29.0647 1668 usbohci - ok

15:49:29.0687 1668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:49:29.0742 1668 usbprint - ok

15:49:29.0791 1668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:49:29.0820 1668 usbscan - ok

15:49:29.0853 1668 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:49:29.0907 1668 USBSTOR - ok

15:49:29.0950 1668 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

15:49:29.0971 1668 usbuhci - ok

15:49:30.0044 1668 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

15:49:30.0138 1668 usbvideo - ok

15:49:30.0190 1668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

15:49:30.0206 1668 vdrvroot - ok

15:49:30.0232 1668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:49:30.0254 1668 vga - ok

15:49:30.0277 1668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:49:30.0345 1668 VgaSave - ok

15:49:30.0369 1668 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

15:49:30.0388 1668 vhdmp - ok

15:49:30.0424 1668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

15:49:30.0452 1668 viaide - ok

15:49:30.0480 1668 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

15:49:30.0496 1668 volmgr - ok

15:49:30.0525 1668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

15:49:30.0545 1668 volmgrx - ok

15:49:30.0576 1668 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

15:49:30.0595 1668 volsnap - ok

15:49:30.0629 1668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:49:30.0647 1668 vsmraid - ok

15:49:30.0668 1668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

15:49:30.0688 1668 vwifibus - ok

15:49:30.0705 1668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

15:49:30.0743 1668 vwififlt - ok

15:49:30.0799 1668 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

15:49:30.0819 1668 vwifimp - ok

15:49:30.0849 1668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:49:30.0884 1668 WacomPen - ok

15:49:30.0930 1668 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:49:31.0043 1668 WANARP - ok

15:49:31.0051 1668 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:49:31.0116 1668 Wanarpv6 - ok

15:49:31.0214 1668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:49:31.0232 1668 Wd - ok

15:49:31.0264 1668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:49:31.0289 1668 Wdf01000 - ok

15:49:31.0329 1668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:49:31.0387 1668 WfpLwf - ok

15:49:31.0425 1668 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

15:49:31.0440 1668 WimFltr - ok

15:49:31.0468 1668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:49:31.0482 1668 WIMMount - ok

15:49:31.0566 1668 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys

15:49:31.0675 1668 WinUsb - ok

15:49:31.0722 1668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:49:31.0779 1668 WmiAcpi - ok

15:49:31.0865 1668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:49:31.0936 1668 ws2ifsl - ok

15:49:31.0975 1668 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

15:49:32.0043 1668 WSDPrintDevice - ok

15:49:32.0093 1668 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

15:49:32.0213 1668 WudfPf - ok

15:49:32.0247 1668 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:49:32.0318 1668 WUDFRd - ok

15:49:32.0362 1668 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

15:49:32.0406 1668 yukonw7 - ok

15:49:32.0463 1668 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl

15:49:32.0489 1668 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok

15:49:32.0526 1668 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0

15:49:32.0715 1668 \Device\Harddisk0\DR0 - ok

15:49:32.0720 1668 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0

15:49:32.0723 1668 \Device\Harddisk0\DR0\Partition0 - ok

15:49:32.0762 1668 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1

15:49:32.0763 1668 \Device\Harddisk0\DR0\Partition1 - ok

15:49:32.0769 1668 ============================================================

15:49:32.0769 1668 Scan finished

15:49:32.0769 1668 ============================================================

15:49:32.0796 1728 Detected object count: 0

15:49:32.0796 1728 Actual detected object count: 0


That log was clean, let's run ComboFix and see if it finds anything:

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Mr C,

I ran ComboFix, here is the log:

ComboFix 11-12-12.02 - Steven 12/12/2011 18:42:50.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7991.6046 [GMT -8:00]

Running from: c:\users\Steven\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\mootools.svn.js

c:\users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffcenter.html

c:\users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\pffCenter.js

c:\users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewDialog.html

c:\users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\reviewNotesPopUp.html

c:\users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskNotesDialog.html

.

.

((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))

.

.

2011-12-13 02:50 . 2011-12-13 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-08 12:52 . 2011-12-08 12:52 -------- d-----w- c:\windows\SysWow64\syncdb

2011-12-08 07:25 . 2011-12-08 07:25 -------- d-----w- c:\users\Steven\AppData\Roaming\Malwarebytes

2011-12-08 07:25 . 2011-12-08 07:25 -------- d-----w- c:\programdata\Malwarebytes

2011-12-08 07:25 . 2011-12-08 07:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-08 07:25 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 00:31 . 2011-12-04 00:31 -------- d-----w- c:\users\Steven\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard

2011-12-04 00:31 . 2011-12-04 00:31 -------- d-----w- c:\program files (x86)\EasyRotator

2011-11-27 16:44 . 2011-11-27 16:44 -------- d-----w- c:\program files\iPod

2011-11-27 16:44 . 2011-11-27 16:44 -------- d-----w- c:\program files\iTunes

2011-11-27 16:44 . 2011-11-27 16:44 -------- d-----w- c:\program files (x86)\iTunes

2011-11-27 16:41 . 2011-11-27 16:41 -------- d-----w- c:\program files\Bonjour

2011-11-18 20:33 . 2011-11-18 20:33 -------- d-----w- c:\program files (x86)\7-Zip

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 14:49 . 2010-11-24 15:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-11-14 12:11 . 2010-11-24 15:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-10-15 21:16 . 2010-10-26 22:50 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-10-15 21:16 . 2010-04-27 22:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-10-15 21:16 . 2010-04-27 22:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-10-15 21:16 . 2010-04-27 22:16 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-10-15 21:16 . 2010-04-27 22:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-10-15 21:16 . 2010-04-27 22:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-10-15 21:16 . 2010-04-27 22:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-10-15 21:16 . 2010-04-27 22:16 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-10-15 21:16 . 2010-04-27 22:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-10-01 03:21 . 2011-10-13 21:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-01 02:59 . 2011-10-13 21:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-09-29 16:24 . 2011-11-09 14:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-29 04:09 . 2011-11-09 14:24 3141120 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-20 39408]

"googletalk"="c:\users\Steven\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-26 107000]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]

"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-11-09 2215768]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-30 273544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

.

c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 135664]

R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/26 17:46];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]

S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-05-05 206064]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 00:39]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 00:39]

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502374575-3588119685-2978234206-1001Core.job

- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 00:44]

.

2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1502374575-3588119685-2978234206-1001UA.job

- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-21 00:44]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.cnn.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM

IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 68.87.76.182 68.87.78.134

FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\mqudc4mi.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?pli=1

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Steven\AppData\Local\Akamai\netsession_win.exe

Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2011-12-12 19:02:45 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-13 03:02

.

Pre-Run: 452,844,441,600 bytes free

Post-Run: 454,967,595,008 bytes free

.

- - End Of File - - 7A2D2870A3E3121EFC396DDD47FA0B40


MrC,

Here you are:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8365

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/13/2011 2:52:57 PM

mbam-log-2011-12-13 (14-52-57).txt

Scan type: Quick scan

Objects scanned: 179324

Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


How is it?????? MrC

It does seem better, I am not seeing really slow uploads/downloads anymore. They seem slower but not to the point where it is unworkable. My harddisk light still continually flashes though.

Does the fact that the second Quick Scan took about half the time as the first tell anything?

Regards,

Steve


"Does the fact that the second Quick Scan took about half the time as the first tell anything?"

Not really, remember we ran ComboFix which cleared out items.

"My harddisk light still continually flashes though."

You have a lot of apps running, use Ctrl + Shift + Esc to bring up the task manager to see all that's running.

--------------------

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your Keyboard.

An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix.exe program from your computer.

ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

-----------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

-----------------------------

BrowserJavaVersion: 1.6.0_26

You have out of date Java on the system:

Older versions are vulnerable to malware.

Open up Java in your control panel > Update > should be update 30.

http://www.java.com/en/download/manual.jsp <---latest version

http://www.java.com/en/download/installed.jsp <---verify your Java

--------------------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.