PING.EXE issues

Kamarill · December 20, 2011

Like many others, I am also having PING.EXE issues. These started after removing Win 7 Security 2011 from my computer. MBAM finds no current other infections.

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Kamarill at 10:15:17 on 2011-12-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2089 [GMT -6:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\RAVCpl64.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Kamarill\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe

uRun: [F.lux] "C:\Users\Kamarill\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRunOnce: [Application Restart #1] C:\Users\Kamarill\AppData\Local\Google\Chrome\Application\chrome.exe --automation-channel=ChromeTestingInterface:3200.2 --chrome-frame --no-first-run --disable-popup-blocking --user-data-dir="C:\Users\Kamarill\AppData\Local\Google\Chrome Frame\User Data\iexplore" --chrome-version=13.0.782.112 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" /r

mRun: [CtaMon] Rundll32 CtaMon.dll,RunMonitor

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Kamarill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kamarill\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Kamarill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{FFBBB019-5441-4F31-A34E-4F6D3B318C5B} : DhcpNameServer = 10.0.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4Com.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" /r

mRun-x64: [CtaMon] Rundll32 CtaMon.dll,RunMonitor

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun-x64: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kamarill\AppData\Roaming\Mozilla\Firefox\Profiles\7rwyawao.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kamarill\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-7-25 517632]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-19 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-1 2337144]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-5-25 2152152]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-17 366152]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-26 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-26 79360]

S3 Ctafiltv;Ctafiltv;C:\Windows\system32\drivers\Ctafiltv.sys --> C:\Windows\system32\drivers\Ctafiltv.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

.

=============== Created Last 30 ================

.

2011-12-20 10:06:50 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2011-12-20 10:06:50 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2011-12-20 10:06:50 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2011-12-20 10:06:48 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll

2011-12-20 10:06:46 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2011-12-20 10:06:46 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2011-12-20 10:06:45 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll

2011-12-20 10:06:45 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll

2011-12-20 10:04:38 -------- d-----w- C:\Users\Kamarill\AppData\Local\Two Tribes

2011-12-17 17:43:55 -------- d-----w- C:\Users\Kamarill\AppData\Roaming\Malwarebytes

2011-12-17 17:43:43 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-17 17:43:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-15 00:17:24 -------- d-----w- C:\Program Files (x86)\WinGlulxe

2011-12-14 23:56:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 23:56:18 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-12-14 23:56:18 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-12-14 23:56:18 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-12-14 23:56:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-14 23:56:16 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-12-12 00:43:49 388096 ----a-r- C:\Users\Kamarill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-12 00:43:49 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-12-11 14:31:39 -------- d-----we C:\Windows\system64

2011-12-10 07:38:00 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

2011-12-10 07:38:00 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2011-12-10 07:37:58 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll

2011-12-10 07:37:58 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll

2011-12-10 07:37:53 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll

2011-12-10 07:37:53 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2011-12-09 19:05:29 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D2481BE-4989-408E-9769-243F11963815}\mpengine.dll

2011-11-26 04:14:46 -------- d-----w- C:\Users\Kamarill\AppData\Local\Chromium

2011-11-22 06:42:59 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-11-22 06:42:58 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2011-11-22 06:42:47 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2011-11-22 06:37:24 90112 ----a-w- C:\Windows\SysWow64\ccrpTmr6.dll

2011-11-22 06:37:24 1066176 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-11-22 06:37:24 -------- d-----w- C:\Program Files (x86)\Cool Timer

2011-11-21 09:29:55 -------- d-----w- C:\Users\Kamarill\AppData\Local\{C7AD82AA-0A5A-42BA-9BC2-D56625C47FC1}

2011-11-21 09:29:55 -------- d-----w- C:\Users\Kamarill\AppData\Local\{76E4500C-484E-4B57-B97F-3D2C12C23D8C}

.

==================== Find3M ====================

.

2011-12-14 11:36:32 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-09 01:07:24 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-15 06:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2011-10-13 20:29:40 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2011-10-13 20:29:40 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2011-10-03 10:31:12 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll

2011-10-03 09:24:58 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-10-03 09:24:58 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-10-03 09:15:45 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-03 09:06:46 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 10:23:50.09 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/1/2011 2:49:54 PM

System Uptime: 12/20/2011 9:48:51 AM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | EX58-UD3R

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | Socket 1366 | 2660/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 596 GiB total, 137.994 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP188: 12/17/2011 11:44:22 AM - Installed Java 6 Update 30

RP189: 12/20/2011 4:03:13 AM - Installed DirectX

RP190: 12/20/2011 4:20:41 AM - Installed DirectX

RP191: 12/20/2011 6:03:25 AM - Installed DirectX

.

==== Installed Programs ======================

.

1... 2... 3... KICK IT! (Drop That Beat Like an Ugly Baby)

AaAaAA!!! - A Reckless Disregard for Gravity

Ad-Aware

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

Alliance of Valiant Arms

ALSee

ALTools Update

Amnesia: The Dark Descent

Apple Application Support

Apple Software Update

Audacity 1.3.13 (Unicode)

Audiosurf

Batman: Arkham Asylum GOTY Edition

Battlefield 3™ Open Beta

Battlelog Web Plugins

Bing Bar

Bing Bar Platform

BioShock 2

Blood Bowl: Legendary Edition

Bloodline Champions

Borderlands

Brink

Bulletstorm

Call of Duty: Black Ops - Multiplayer

Chantelise - Demo

Cool Timer 3.7

Creative ALchemy

Creative MediaSource 5

Creative Software AutoUpdate

Creative System Information

Creative WaveStudio 7

D3DX10

Dead Rising 2

Deus Ex: Game of the Year Edition

Deus Ex: Human Revolution

Dev-C++ 5 beta 9 release (4.9.9.2)

Diablo III Beta

Dota 2

DotAlicious Gaming Client

Download Manager 2.3.10

Dragon Age: Origins

Dropbox

Dungeon Defenders

Dungeon Siege

Dungeon Siege 2

Dungeon Siege III

EasyBits GO

EDGE

ESN Sonar

F.lux

Fallout 3 - Game of the Year Edition

Fallout: New Vegas

Fraps (remove only)

Garena 2010

Garry's Mod

Gigabyte Raid Configurer

GOM Player

GOMTV Streamer

Google Chrome

Grand Theft Auto: San Andreas

Gravitron 2

Guild Wars

HiJackThis

ICCup Launcher

Java Auto Updater

Java 6 Update 22

Java 6 Update 30

Killing Floor

Killing Floor Mod: Defence Alliance 2

League of Legends

Left 4 Dead 2

LogMeIn Hamachi

Magic: The Gathering — Duels of the Planeswalkers 2012

Magicka

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Default Manager

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office Word Viewer 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Morrowind AnimKit 2.1 (remove only)

Mount and Blade Warband - Demo

Mozilla Firefox 8.0.1 (x86 en-US)

Mozilla Thunderbird (8.0)

MP3 Skype Recorder

MSVCRT

Multiwinia

Mumble 1.2.3

Notepad++

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenOffice.org 3.3

Orcs Must Die!

Origin

Pando Media Booster

Plants vs. Zombies: Game of the Year

Poker Night at the Inventory

Prototype

PunkBuster Services

Puzzle Quest 2

QuickTime

Real Myst

Realtek High Definition Audio Driver

Recettear: An Item Shop's Tale

RIFT

RollerCoaster Tycoon 3: Platinum!

RUSH

Sam & Max 202: Moai Better Blues

Sam & Max 203: Night of the Raving Dead

Sam & Max 204: Chariots of the Dogs

SB Arena Headset

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Sid Meier's Civilization V

SimCity 4 Deluxe

Skype Click to Call

Skype™ 5.5

Space Quest Collection

Spectromancer

Spiral Knights

StarCraft

StarCraft II

Steam

Super Meat Boy

SWAT 4

System Requirements Lab CYRI

Team Fortress 2

TeamViewer 6

Terraria

The Binding Of Isaac

The Elder Scrolls III: Morrowind

The Elder Scrolls IV: Oblivion

The Ship

The Ship Single Player

The Ship Tutorial

The Sims™ 3

The Witcher 2

The Wonderful End of the World

Titan Quest

TOD-Demo

Toki Tori

Universe Sandbox

Unreal Tournament 2004

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

VH Toolkit 1.0.15.0

WampServer 2.1

Warhammer 40,000: Space Marine Demo

Warhammer® 40,000™: Dawn of War® II

Warhammer® 40,000™: Dawn of War® II – Chaos Rising™

Windows Glulxe

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

WinPcap 4.1.2

Xfire (remove only)

XSplit

YABOT Build Order Editor version 1.0

YOU DON'T KNOW JACK

.

==== Event Viewer Messages From Past Week ========

.

12/20/2011 9:57:21 AM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).

12/20/2011 9:57:21 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/20/2011 9:57:21 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/20/2011 9:57:21 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

12/20/2011 9:53:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Cryptographic Services service, but this action failed with the following error: An instance of the service is already running.

12/20/2011 9:52:30 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/20/2011 9:52:30 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/20/2011 9:52:30 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/20/2011 9:52:30 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/20/2011 9:49:26 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

12/20/2011 9:49:20 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

12/20/2011 9:49:20 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

12/20/2011 9:34:57 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 9:34:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/20/2011 9:34:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/20/2011 9:34:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/20/2011 9:34:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/20/2011 9:34:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/20/2011 9:34:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/20/2011 9:34:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

12/20/2011 9:34:33 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 9:34:33 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/20/2011 9:34:33 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 9:34:33 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 9:34:33 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 9:34:33 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 9:34:32 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/20/2011 9:34:32 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/20/2011 9:34:32 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/20/2011 9:34:32 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/20/2011 9:34:32 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

12/20/2011 4:20:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.

12/20/2011 4:20:40 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/20/2011 4:20:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

12/20/2011 10:23:19 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

12/20/2011 10:05:13 AM, Error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 3 time(s).

12/20/2011 10:05:13 AM, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).

12/20/2011 10:05:13 AM, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).

12/20/2011 10:05:13 AM, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 3 time(s).

12/20/2011 10:01:32 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

12/20/2011 10:01:32 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/17/2011 11:32:37 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/16/2011 2:32:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

12/16/2011 2:32:16 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/14/2011 9:22:40 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Thanks in advance!

Kamarill · December 23, 2011

I've discovered some other issues I am having.

I am unable to connect to localhost, even with Apache running correctly. I am also unable to connect to 192.168.1.1, my router's homepage. I've also been noticing Internet issues across all browsers where connection attempts to websites will time out occasionally. I am not sure if any of this is related or not.

D-FRED-BROWN · December 25, 2011

Hello Kamarill and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

I've discovered some other issues I am having.
I am unable to connect to localhost, even with Apache running correctly. I am also unable to connect to 192.168.1.1, my router's homepage. I've also been noticing Internet issues across all browsers where connection attempts to websites will time out occasionally. I am not sure if any of this is related or not.

Yes, this is related to the infection you have. We will attempt to rectify that, but first, we need to gather some information about your computer's internet service configurations:

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
[*]Press "Scan".
[*]It will create a log (FSS.txt) in the same directory the tool is run.
[*]Please copy and paste the log to your reply.

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
In your next reply, please include:

FSS.txt
TDSSKiller report
C:\ComboFix.txt
MBRCheck report

How is your computer running now?

Kamarill · December 26, 2011

Thank you for the welcomes! The delay was no issue; it gave me no excuse to spend Christmas with my family (and I hope your holidays were good as well!)

FSS.txt:

Farbar Service Scanner

Ran by Kamarill (administrator) on 25-12-2011 at 15:36:44

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

TDSSKiller_log.txt:

15:38:51.0281 13740 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

15:38:52.0571 13740 ============================================================

15:38:52.0571 13740 Current date / time: 2011/12/25 15:38:52.0571

15:38:52.0571 13740 SystemInfo:

15:38:52.0571 13740

15:38:52.0571 13740 OS Version: 6.1.7601 ServicePack: 1.0

15:38:52.0571 13740 Product type: Workstation

15:38:52.0571 13740 ComputerName: KAMARILL-PC

15:38:52.0571 13740 UserName: Kamarill

15:38:52.0571 13740 Windows directory: C:\Windows

15:38:52.0571 13740 System windows directory: C:\Windows

15:38:52.0571 13740 Running under WOW64

15:38:52.0571 13740 Processor architecture: Intel x64

15:38:52.0571 13740 Number of processors: 8

15:38:52.0571 13740 Page size: 0x1000

15:38:52.0571 13740 Boot type: Normal boot

15:38:52.0571 13740 ============================================================

15:38:53.0463 13740 Initialize success

15:39:01.0287 15216 ============================================================

15:39:01.0287 15216 Scan started

15:39:01.0287 15216 Mode: Manual;

15:39:01.0287 15216 ============================================================

15:39:04.0840 15216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

15:39:04.0863 15216 1394ohci - ok

15:39:04.0955 15216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

15:39:04.0959 15216 ACPI - ok

15:39:05.0044 15216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

15:39:05.0045 15216 AcpiPmi - ok

15:39:05.0264 15216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:39:05.0270 15216 adp94xx - ok

15:39:05.0346 15216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:39:05.0350 15216 adpahci - ok

15:39:05.0404 15216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:39:05.0407 15216 adpu320 - ok

15:39:05.0517 15216 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

15:39:05.0519 15216 AFD - ok

15:39:05.0599 15216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

15:39:05.0600 15216 agp440 - ok

15:39:05.0685 15216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

15:39:05.0685 15216 aliide - ok

15:39:05.0759 15216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

15:39:05.0760 15216 amdide - ok

15:39:05.0823 15216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:39:05.0824 15216 AmdK8 - ok

15:39:05.0879 15216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:39:05.0880 15216 AmdPPM - ok

15:39:05.0959 15216 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

15:39:05.0961 15216 amdsata - ok

15:39:06.0020 15216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:39:06.0023 15216 amdsbs - ok

15:39:06.0104 15216 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

15:39:06.0105 15216 amdxata - ok

15:39:06.0179 15216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

15:39:06.0191 15216 AppID - ok

15:39:06.0261 15216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:39:06.0263 15216 arc - ok

15:39:06.0319 15216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:39:06.0320 15216 arcsas - ok

15:39:06.0394 15216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:39:06.0395 15216 AsyncMac - ok

15:39:06.0479 15216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

15:39:06.0480 15216 atapi - ok

15:39:06.0565 15216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:39:06.0571 15216 b06bdrv - ok

15:39:06.0652 15216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:39:06.0655 15216 b57nd60a - ok

15:39:06.0711 15216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:39:06.0711 15216 Beep - ok

15:39:06.0769 15216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:39:06.0770 15216 blbdrive - ok

15:39:06.0846 15216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

15:39:06.0848 15216 bowser - ok

15:39:06.0907 15216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:39:06.0908 15216 BrFiltLo - ok

15:39:06.0958 15216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:39:06.0959 15216 BrFiltUp - ok

15:39:07.0022 15216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:39:07.0026 15216 Brserid - ok

15:39:07.0079 15216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:39:07.0080 15216 BrSerWdm - ok

15:39:07.0178 15216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:39:07.0179 15216 BrUsbMdm - ok

15:39:07.0231 15216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:39:07.0232 15216 BrUsbSer - ok

15:39:07.0287 15216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:39:07.0288 15216 BTHMODEM - ok

15:39:07.0357 15216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:39:07.0358 15216 cdfs - ok

15:39:07.0449 15216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

15:39:07.0451 15216 cdrom - ok

15:39:07.0521 15216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:39:07.0522 15216 circlass - ok

15:39:07.0571 15216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:39:07.0576 15216 CLFS - ok

15:39:07.0648 15216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:39:07.0649 15216 CmBatt - ok

15:39:07.0729 15216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

15:39:07.0730 15216 cmdide - ok

15:39:07.0811 15216 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

15:39:07.0816 15216 CNG - ok

15:39:07.0872 15216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:39:07.0873 15216 Compbatt - ok

15:39:07.0956 15216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

15:39:07.0975 15216 CompositeBus - ok

15:39:08.0264 15216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:39:08.0306 15216 crcdisk - ok

15:39:08.0445 15216 Ctafiltv (01acb9228c303de1fff82b807d28b2b0) C:\Windows\system32\drivers\Ctafiltv.sys

15:39:08.0446 15216 Ctafiltv - ok

15:39:08.0558 15216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

15:39:08.0560 15216 DfsC - ok

15:39:08.0626 15216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:39:08.0627 15216 discache - ok

15:39:08.0684 15216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:39:08.0686 15216 Disk - ok

15:39:08.0755 15216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:39:08.0756 15216 drmkaud - ok

15:39:08.0931 15216 dump_wmimmc - ok

15:39:09.0016 15216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

15:39:09.0028 15216 DXGKrnl - ok

15:39:09.0190 15216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:39:09.0243 15216 ebdrv - ok

15:39:09.0323 15216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:39:09.0330 15216 elxstor - ok

15:39:09.0410 15216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

15:39:09.0426 15216 ErrDev - ok

15:39:09.0584 15216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:39:09.0587 15216 exfat - ok

15:39:09.0645 15216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:39:09.0648 15216 fastfat - ok

15:39:09.0705 15216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:39:09.0706 15216 fdc - ok

15:39:09.0777 15216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:39:09.0780 15216 FileInfo - ok

15:39:09.0871 15216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:39:09.0872 15216 Filetrace - ok

15:39:09.0928 15216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:39:09.0929 15216 flpydisk - ok

15:39:10.0298 15216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

15:39:10.0331 15216 FltMgr - ok

15:39:10.0387 15216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:39:10.0388 15216 FsDepends - ok

15:39:10.0436 15216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

15:39:10.0436 15216 Fs_Rec - ok

15:39:10.0517 15216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:39:10.0520 15216 fvevol - ok

15:39:10.0576 15216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:39:10.0578 15216 gagp30kx - ok

15:39:10.0606 15216 gdrv (4412705f7fd88aacb1dad2ed321c3328) C:\Windows\gdrv.sys

15:39:10.0607 15216 gdrv - ok

15:39:10.0678 15216 GGSAFERDriver - ok

15:39:10.0754 15216 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

15:39:10.0755 15216 hamachi - ok

15:39:10.0822 15216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:39:10.0823 15216 hcw85cir - ok

15:39:10.0901 15216 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

15:39:10.0905 15216 HdAudAddService - ok

15:39:10.0997 15216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

15:39:10.0999 15216 HDAudBus - ok

15:39:11.0056 15216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:39:11.0057 15216 HidBatt - ok

15:39:11.0339 15216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:39:11.0398 15216 HidBth - ok

15:39:12.0201 15216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:39:12.0225 15216 HidIr - ok

15:39:12.0355 15216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

15:39:12.0370 15216 HidUsb - ok

15:39:12.0486 15216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

15:39:12.0488 15216 HpSAMD - ok

15:39:12.0579 15216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

15:39:12.0588 15216 HTTP - ok

15:39:12.0628 15216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

15:39:12.0630 15216 hwpolicy - ok

15:39:12.0714 15216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

15:39:12.0716 15216 i8042prt - ok

15:39:12.0806 15216 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

15:39:12.0811 15216 iaStorV - ok

15:39:12.0884 15216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:39:12.0885 15216 iirsp - ok

15:39:12.0971 15216 IntcAzAudAddService (4a725cdde1a0c3d1b1eaca0d9d0d95d0) C:\Windows\system32\drivers\RTKVHD64.sys

15:39:12.0988 15216 IntcAzAudAddService - ok

15:39:13.0029 15216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

15:39:13.0030 15216 intelide - ok

15:39:13.0087 15216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:39:13.0113 15216 intelppm - ok

15:39:13.0527 15216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:39:13.0528 15216 IpFilterDriver - ok

15:39:13.0599 15216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

15:39:13.0601 15216 IPMIDRV - ok

15:39:13.0675 15216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:39:13.0677 15216 IPNAT - ok

15:39:13.0736 15216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:39:13.0737 15216 IRENUM - ok

15:39:13.0820 15216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

15:39:13.0821 15216 isapnp - ok

15:39:13.0908 15216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

15:39:13.0912 15216 iScsiPrt - ok

15:39:13.0972 15216 JRAID (db85fe8d6cbaa2047cb4da1b2c193d76) C:\Windows\system32\DRIVERS\jraid.sys

15:39:13.0973 15216 JRAID - ok

15:39:14.0058 15216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

15:39:14.0060 15216 kbdclass - ok

15:39:14.0146 15216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

15:39:14.0146 15216 kbdhid - ok

15:39:14.0215 15216 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

15:39:14.0217 15216 KSecDD - ok

15:39:14.0297 15216 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

15:39:14.0299 15216 KSecPkg - ok

15:39:14.0384 15216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:39:14.0385 15216 ksthunk - ok

15:39:14.0479 15216 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys

15:39:14.0480 15216 Lbd - ok

15:39:14.0546 15216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:39:14.0547 15216 lltdio - ok

15:39:14.0612 15216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:39:14.0613 15216 LSI_FC - ok

15:39:14.0671 15216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:39:14.0673 15216 LSI_SAS - ok

15:39:14.0753 15216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:39:14.0754 15216 LSI_SAS2 - ok

15:39:14.0826 15216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:39:14.0828 15216 LSI_SCSI - ok

15:39:14.0900 15216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:39:14.0901 15216 luafv - ok

15:39:14.0958 15216 MBAMProtector - ok

15:39:15.0030 15216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:39:15.0031 15216 megasas - ok

15:39:15.0151 15216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:39:15.0154 15216 MegaSR - ok

15:39:15.0213 15216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:39:15.0214 15216 Modem - ok

15:39:15.0272 15216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:39:15.0273 15216 monitor - ok

15:39:15.0352 15216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

15:39:15.0353 15216 mouclass - ok

15:39:15.0440 15216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:39:15.0441 15216 mouhid - ok

15:39:15.0512 15216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

15:39:15.0514 15216 mountmgr - ok

15:39:15.0582 15216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

15:39:15.0585 15216 mpio - ok

15:39:15.0637 15216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:39:15.0637 15216 mpsdrv - ok

15:39:15.0747 15216 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

15:39:15.0748 15216 MREMP50 - ok

15:39:15.0821 15216 MREMP50a64 - ok

15:39:15.0880 15216 MREMPR5 - ok

15:39:15.0946 15216 MRENDIS5 - ok

15:39:16.0056 15216 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

15:39:16.0057 15216 MRESP50 - ok

15:39:16.0138 15216 MRESP50a64 - ok

15:39:16.0218 15216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

15:39:16.0219 15216 MRxDAV - ok

15:39:16.0312 15216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:39:16.0314 15216 mrxsmb - ok

15:39:16.0391 15216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:39:16.0394 15216 mrxsmb10 - ok

15:39:16.0466 15216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:39:16.0468 15216 mrxsmb20 - ok

15:39:16.0548 15216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

15:39:16.0549 15216 msahci - ok

15:39:16.0632 15216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

15:39:16.0634 15216 msdsm - ok

15:39:16.0693 15216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:39:16.0694 15216 Msfs - ok

15:39:16.0755 15216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:39:16.0756 15216 mshidkmdf - ok

15:39:16.0835 15216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

15:39:16.0836 15216 msisadrv - ok

15:39:16.0907 15216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:39:16.0908 15216 MSKSSRV - ok

15:39:16.0963 15216 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys

15:39:16.0964 15216 msloop - ok

15:39:17.0020 15216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:39:17.0020 15216 MSPCLOCK - ok

15:39:17.0075 15216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:39:17.0076 15216 MSPQM - ok

15:39:17.0536 15216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

15:39:17.0541 15216 MsRPC - ok

15:39:17.0622 15216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

15:39:17.0623 15216 mssmbios - ok

15:39:17.0674 15216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:39:17.0675 15216 MSTEE - ok

15:39:17.0732 15216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:39:17.0732 15216 MTConfig - ok

15:39:17.0853 15216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:39:17.0854 15216 Mup - ok

15:39:17.0915 15216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:39:17.0919 15216 NativeWifiP - ok

15:39:18.0015 15216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

15:39:18.0026 15216 NDIS - ok

15:39:18.0089 15216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:39:18.0090 15216 NdisCap - ok

15:39:18.0150 15216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:39:18.0151 15216 NdisTapi - ok

15:39:18.0223 15216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

15:39:18.0225 15216 Ndisuio - ok

15:39:18.0303 15216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:39:18.0305 15216 NdisWan - ok

15:39:18.0381 15216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:39:18.0383 15216 NDProxy - ok

15:39:18.0444 15216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:39:18.0445 15216 NetBIOS - ok

15:39:18.0515 15216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:39:18.0518 15216 NetBT - ok

15:39:18.0586 15216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:39:18.0587 15216 nfrd960 - ok

15:39:18.0683 15216 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys

15:39:18.0684 15216 NPF - ok

15:39:18.0730 15216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:39:18.0731 15216 Npfs - ok

15:39:18.0781 15216 NPPTNT2 - ok

15:39:18.0839 15216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:39:18.0839 15216 nsiproxy - ok

15:39:18.0941 15216 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

15:39:18.0966 15216 Ntfs - ok

15:39:19.0040 15216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:39:19.0041 15216 Null - ok

15:39:19.0334 15216 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:39:19.0521 15216 nvlddmkm - ok

15:39:19.0604 15216 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

15:39:19.0606 15216 nvraid - ok

15:39:19.0625 15216 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

15:39:19.0627 15216 nvstor - ok

15:39:19.0677 15216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:39:19.0679 15216 nv_agp - ok

15:39:19.0718 15216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:39:19.0719 15216 ohci1394 - ok

15:39:19.0763 15216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:39:19.0765 15216 Parport - ok

15:39:19.0808 15216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

15:39:19.0810 15216 partmgr - ok

15:39:19.0858 15216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:39:19.0861 15216 pci - ok

15:39:19.0875 15216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:39:19.0875 15216 pciide - ok

15:39:19.0893 15216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:39:19.0896 15216 pcmcia - ok

15:39:19.0909 15216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:39:19.0910 15216 pcw - ok

15:39:19.0936 15216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:39:19.0943 15216 PEAUTH - ok

15:39:20.0009 15216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:39:20.0011 15216 PptpMiniport - ok

15:39:20.0030 15216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:39:20.0032 15216 Processor - ok

15:39:20.0072 15216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:39:20.0075 15216 Psched - ok

15:39:20.0112 15216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:39:20.0134 15216 ql2300 - ok

15:39:20.0172 15216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:39:20.0174 15216 ql40xx - ok

15:39:20.0196 15216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:39:20.0196 15216 QWAVEdrv - ok

15:39:20.0212 15216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:39:20.0213 15216 RasAcd - ok

15:39:20.0249 15216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:39:20.0250 15216 RasAgileVpn - ok

15:39:20.0293 15216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:39:20.0295 15216 Rasl2tp - ok

15:39:20.0312 15216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:39:20.0314 15216 RasPppoe - ok

15:39:20.0326 15216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:39:20.0328 15216 RasSstp - ok

15:39:20.0377 15216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:39:20.0381 15216 rdbss - ok

15:39:20.0437 15216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:39:20.0438 15216 rdpbus - ok

15:39:20.0493 15216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:39:20.0494 15216 RDPCDD - ok

15:39:20.0558 15216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:39:20.0559 15216 RDPENCDD - ok

15:39:20.0617 15216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:39:20.0618 15216 RDPREFMP - ok

15:39:20.0690 15216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

15:39:20.0694 15216 RDPWD - ok

15:39:20.0784 15216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:39:20.0787 15216 rdyboost - ok

15:39:20.0889 15216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:39:20.0891 15216 rspndr - ok

15:39:20.0948 15216 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:39:20.0950 15216 RTL8167 - ok

15:39:21.0024 15216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:39:21.0026 15216 sbp2port - ok

15:39:21.0093 15216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:39:21.0219 15216 scfilter - ok

15:39:22.0100 15216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:39:22.0100 15216 secdrv - ok

15:39:22.0179 15216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:39:22.0180 15216 Serenum - ok

15:39:22.0239 15216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:39:22.0240 15216 Serial - ok

15:39:22.0321 15216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:39:22.0322 15216 sermouse - ok

15:39:22.0406 15216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:39:22.0407 15216 sffdisk - ok

15:39:22.0483 15216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:39:22.0483 15216 sffp_mmc - ok

15:39:22.0562 15216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:39:22.0563 15216 sffp_sd - ok

15:39:22.0622 15216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:39:22.0623 15216 sfloppy - ok

15:39:22.0682 15216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:39:22.0683 15216 SiSRaid2 - ok

15:39:22.0736 15216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:39:22.0738 15216 SiSRaid4 - ok

15:39:22.0801 15216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:39:22.0803 15216 Smb - ok

15:39:22.0885 15216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:39:22.0886 15216 spldr - ok

15:39:22.0969 15216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:39:22.0974 15216 srv - ok

15:39:23.0066 15216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:39:23.0071 15216 srv2 - ok

15:39:23.0472 15216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:39:23.0474 15216 srvnet - ok

15:39:23.0546 15216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:39:23.0547 15216 stexstor - ok

15:39:23.0627 15216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:39:23.0628 15216 swenum - ok

15:39:23.0740 15216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

15:39:23.0749 15216 Tcpip - ok

15:39:23.0856 15216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

15:39:23.0865 15216 TCPIP6 - ok

15:39:23.0946 15216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:39:23.0947 15216 tcpipreg - ok

15:39:24.0004 15216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:39:24.0005 15216 TDPIPE - ok

15:39:24.0053 15216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

15:39:24.0054 15216 TDTCP - ok

15:39:24.0125 15216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:39:24.0126 15216 tdx - ok

15:39:24.0221 15216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:39:24.0222 15216 TermDD - ok

15:39:24.0313 15216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:39:24.0315 15216 tssecsrv - ok

15:39:24.0396 15216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:39:24.0397 15216 TsUsbFlt - ok

15:39:24.0496 15216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:39:24.0498 15216 tunnel - ok

15:39:24.0558 15216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:39:24.0560 15216 uagp35 - ok

15:39:24.0641 15216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:39:24.0645 15216 udfs - ok

15:39:24.0725 15216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:39:24.0726 15216 uliagpkx - ok

15:39:24.0809 15216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:39:24.0810 15216 umbus - ok

15:39:24.0860 15216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:39:24.0861 15216 UmPass - ok

15:39:24.0951 15216 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

15:39:24.0953 15216 usbaudio - ok

15:39:25.0029 15216 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys

15:39:25.0031 15216 usbccgp - ok

15:39:25.0189 15216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:39:25.0191 15216 usbcir - ok

15:39:25.0272 15216 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

15:39:25.0273 15216 usbehci - ok

15:39:25.0361 15216 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

15:39:25.0366 15216 usbhub - ok

15:39:25.0467 15216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

15:39:25.0468 15216 usbohci - ok

15:39:25.0832 15216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:39:25.0833 15216 usbprint - ok

15:39:25.0914 15216 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:39:25.0915 15216 USBSTOR - ok

15:39:25.0994 15216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

15:39:25.0995 15216 usbuhci - ok

15:39:26.0078 15216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:39:26.0079 15216 vdrvroot - ok

15:39:26.0150 15216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:39:26.0151 15216 vga - ok

15:39:26.0208 15216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:39:26.0208 15216 VgaSave - ok

15:39:26.0287 15216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:39:26.0290 15216 vhdmp - ok

15:39:26.0372 15216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:39:26.0373 15216 viaide - ok

15:39:26.0450 15216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

15:39:26.0451 15216 volmgr - ok

15:39:26.0525 15216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

15:39:26.0530 15216 volmgrx - ok

15:39:26.0617 15216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

15:39:26.0621 15216 volsnap - ok

15:39:26.0680 15216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:39:26.0682 15216 vsmraid - ok

15:39:26.0737 15216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

15:39:26.0738 15216 vwifibus - ok

15:39:26.0797 15216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:39:26.0798 15216 WacomPen - ok

15:39:26.0902 15216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:39:26.0903 15216 WANARP - ok

15:39:26.0916 15216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

15:39:26.0917 15216 Wanarpv6 - ok

15:39:26.0999 15216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:39:26.0999 15216 Wd - ok

15:39:27.0027 15216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:39:27.0035 15216 Wdf01000 - ok

15:39:27.0725 15216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:39:27.0726 15216 WfpLwf - ok

15:39:27.0785 15216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:39:27.0786 15216 WIMMount - ok

15:39:27.0890 15216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

15:39:27.0891 15216 WmiAcpi - ok

15:39:27.0948 15216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:39:27.0949 15216 ws2ifsl - ok

15:39:28.0022 15216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

15:39:28.0023 15216 WudfPf - ok

15:39:28.0101 15216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:39:28.0104 15216 WUDFRd - ok

15:39:28.0146 15216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:39:28.0188 15216 \Device\Harddisk0\DR0 - ok

15:39:28.0190 15216 Boot (0x1200) (75e339bdd88122f9dce538687b16e6b1) \Device\Harddisk0\DR0\Partition0

15:39:28.0191 15216 \Device\Harddisk0\DR0\Partition0 - ok

15:39:28.0192 15216 ============================================================

15:39:28.0192 15216 Scan finished

15:39:28.0192 15216 ============================================================

15:39:28.0201 15944 Detected object count: 0

15:39:28.0201 15944 Actual detected object count: 0

After running TDSSKiller I was still experiencing issues.

Kamarill · December 26, 2011

ComboFix.txt:

ComboFix 11-12-24.10 - Kamarill 12/25/2011 15:54:40.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2084 [GMT -6:00]

Running from: c:\users\Kamarill\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\windows\system32\consrv.dll

c:\windows\system32\java.exe

c:\windows\System64

c:\windows\SysWow64\ccrpTmr6.dll

c:\windows\SysWow64\tmp1C40.tmp

c:\windows\SysWow64\tmp1CFD.tmp

.

((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))

.

2011-12-25 22:36 . 2011-12-25 22:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-12-25 22:36 . 2011-12-25 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-25 06:33 . 2011-12-24 14:10 79872 ----a-w- c:\windows\SysWow64\42EB02.exe

2011-12-25 06:13 . 2011-12-25 06:14 -------- d-----w- c:\program files (x86)\Ask.com

2011-12-24 12:10 . 2011-12-24 12:10 29184 ----a-w- c:\windows\SysWow64\42EB02.com

2011-12-24 12:05 . 2011-12-24 12:08 -------- d-----w- c:\users\Kamarill\AppData\Roaming\Polynomial

2011-12-20 16:51 . 2011-12-20 16:51 -------- d-----w- c:\users\Kamarill\AppData\Roaming\Atari

2011-12-20 10:06 . 2010-06-02 10:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2011-12-20 10:06 . 2010-06-02 10:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2011-12-20 10:06 . 2010-06-02 10:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll

2011-12-20 10:06 . 2010-05-26 17:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2011-12-20 10:06 . 2010-05-26 17:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2011-12-20 10:06 . 2010-05-26 17:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll

2011-12-20 10:06 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll

2011-12-20 10:04 . 2011-12-20 10:21 -------- d-----w- c:\users\Kamarill\AppData\Local\Two Tribes

2011-12-17 17:45 . 2011-12-17 17:45 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-12-17 17:43 . 2011-12-17 17:43 -------- d-----w- c:\users\Kamarill\AppData\Roaming\Malwarebytes

2011-12-17 17:43 . 2011-12-17 17:43 -------- d-----w- c:\programdata\Malwarebytes

2011-12-17 17:43 . 2011-12-17 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-15 00:17 . 2011-12-15 00:17 -------- d-----w- c:\program files (x86)\WinGlulxe

2011-12-14 23:56 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 23:56 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-12-14 23:56 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll

2011-12-14 23:56 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-12-14 23:56 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-12 00:43 . 2011-12-12 00:43 388096 ----a-r- c:\users\Kamarill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-12 00:43 . 2011-12-12 00:43 -------- d-----w- c:\program files (x86)\Trend Micro

2011-12-10 07:38 . 2010-05-26 17:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2011-12-10 07:38 . 2010-05-26 17:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll

2011-12-10 07:37 . 2010-05-26 17:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2011-12-10 07:37 . 2010-05-26 17:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll

2011-12-10 07:37 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2011-12-10 07:37 . 2010-05-26 17:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-11-26 04:14 . 2011-11-26 04:14 -------- d-----w- c:\users\Kamarill\AppData\Local\Chromium

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-14 11:36 . 2011-05-17 18:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-09 01:07 . 2011-04-01 20:17 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-12-08 04:26 . 2011-12-09 19:05 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D2481BE-4989-408E-9769-243F11963815}\mpengine.dll

2011-11-10 11:54 . 2011-05-23 06:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-11-05 04:26 . 2011-12-14 23:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-03 22:39 . 2011-12-15 09:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-10-15 08:53 . 2011-11-11 06:04 7581504 ----a-w- c:\windows\system32\nvcuda.dll

2011-10-15 08:53 . 2011-11-11 06:04 68928 ----a-w- c:\windows\system32\OpenCL.dll

2011-10-15 08:53 . 2011-11-11 06:04 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-10-15 08:53 . 2011-11-11 06:04 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-10-15 08:53 . 2011-11-11 06:04 2542912 ----a-w- c:\windows\system32\nvcuvid.dll

2011-10-15 08:53 . 2011-11-11 06:04 24796992 ----a-w- c:\windows\system32\nvcompiler.dll

2011-10-15 08:53 . 2011-11-11 06:04 24742720 ----a-w- c:\windows\system32\nvoglv64.dll

2011-10-15 08:53 . 2011-11-11 06:04 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-10-15 08:53 . 2011-11-11 06:04 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-10-15 08:53 . 2011-11-11 06:04 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-10-15 08:53 . 2011-11-11 06:04 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-10-15 08:53 . 2011-11-11 06:04 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-10-15 08:53 . 2011-11-11 06:04 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2011-11-11 06:04 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-10-15 08:53 . 2011-08-19 14:33 1533248 ----a-w- c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-08-19 14:33 1454400 ----a-w- c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-04-01 20:28 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-04-01 20:28 2808128 ----a-w- c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-04-01 20:28 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-10-15 08:53 . 2011-01-08 01:49 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2011-10-15 08:53 . 2011-01-08 01:49 10406208 ----a-w- c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-01-08 01:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-01-08 01:48 222528 ----a-w- c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-01-08 01:48 1640768 ----a-w- c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-01-08 01:48 137536 ----a-w- c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2009-07-13 21:59 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2009-06-10 20:37 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-10-15 06:54 . 2011-10-15 06:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-10-13 20:29 . 2011-10-13 20:29 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll

2011-10-13 20:29 . 2011-10-13 20:29 28056 ----a-w- c:\windows\system32\xfcodec64.dll

2011-10-03 10:31 . 2011-10-03 10:35 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll

2011-10-03 09:24 . 2011-10-03 09:15 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-10-03 09:24 . 2011-10-03 09:06 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-10-03 09:15 . 2011-10-03 09:06 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-10-03 09:06 . 2011-10-03 09:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-09-29 16:29 . 2011-11-09 02:01 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-29 04:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-07 1242448]

"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]

"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-06-23 1968640]

"F.lux"="c:\users\Kamarill\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"VolPanel"="c:\program files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe" [2009-05-05 241789]

"CtaMon"="CtaMon.dll" [2008-08-27 9728]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\users\Kamarill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Kamarill\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-26 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-26 79360]

R3 Ctafiltv;Ctafiltv;c:\windows\system32\drivers\Ctafiltv.sys [x]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-02-02 517632]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-28 17152]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - LAVASOFT_KERNEXPLORER

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-25 c:\windows\Tasks\At1.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At10.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At11.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At12.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At13.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At14.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At15.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At16.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At17.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At18.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At19.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At2.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At20.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At21.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At22.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At23.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At24.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At25.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At26.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At27.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At28.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At29.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At3.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At30.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At31.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At32.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At33.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At34.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-24 c:\windows\Tasks\At35.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-24 c:\windows\Tasks\At36.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At37.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At38.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At39.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At4.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At40.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At41.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At42.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At43.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At44.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At45.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At46.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At47.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At48.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At49.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At5.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At51.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At53.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At55.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At57.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At59.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At6.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At61.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At63.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At65.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At67.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At69.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At7.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At71.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At73.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At75.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At77.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At79.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At8.job

- c:\windows\system32\42EB02.exe_ [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At81.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-24 c:\windows\Tasks\At83.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At85.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At87.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At89.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At9.job

- c:\windows\system32\42EB02.exe [2011-12-25 14:10]

.

2011-12-25 c:\windows\Tasks\At91.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At93.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\At95.job

- c:\windows\system32\42EB02.com [2011-12-24 12:10]

.

2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645332414-3284546636-808201787-1000Core.job

- c:\users\Kamarill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-24 06:02]

.

2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645332414-3284546636-808201787-1000UA.job

- c:\users\Kamarill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-24 06:02]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Kamarill\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]

"Skytel"="Skytel.exe" [2008-07-24 1833504]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"combofix"="c:\combofix\CF8435.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\Kamarill\AppData\Roaming\Mozilla\Firefox\Profiles\7rwyawao.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:db,b8,87,de,a3,c2,cc,01

.

[HKEY_USERS\S-1-5-21-1645332414-3284546636-808201787-1000\Software\SecuROM\License information*]

"datasecu"=hex:10,28,c5,0f,d9,24,58,42,33,4b,00,b5,dd,c1,4f,47,ae,f9,8d,93,9b,

44,49,f2,a1,70,8c,87,81,05,1c,dc,71,50,db,26,e7,79,01,82,5e,c5,a0,cf,11,f2,\

"rkeysecu"=hex:eb,23,0c,50,7b,47,6a,1d,9e,7d,28,00,e1,31,d8,d0

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\windows\SysWOW64\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-12-25 17:17:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-25 23:17

.

Pre-Run: 138,222,628,864 bytes free

Post-Run: 140,554,268,672 bytes free

.

- - End Of File - - 73B8E13696792F8D0B6C82E3E8D29698

At the end of running this my issues seemed to be fixed. I still ran MBRCheck:

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Gigabyte Technology Co., Ltd.

BIOS Manufacturer: Award Software International, Inc.

System Manufacturer: Gigabyte Technology Co., Ltd.

System Product Name: EX58-UD3R

Logical Drives Mask: 0x0000000d

Kernel Drivers (total 150):

0x02C50000 \SystemRoot\system32\ntoskrnl.exe

0x02C07000 \SystemRoot\system32\hal.dll

0x00BB2000 \SystemRoot\system32\kdcom.dll

0x00C07000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C56000 \SystemRoot\system32\PSHED.dll

0x00C6A000 \SystemRoot\system32\CLFS.SYS

0x00CC8000 \SystemRoot\system32\CI.dll

0x00E63000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F07000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F16000 \SystemRoot\system32\drivers\ACPI.sys

0x00F6D000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F76000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F80000 \SystemRoot\system32\drivers\pci.sys

0x00FB3000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00FC0000 \SystemRoot\System32\drivers\partmgr.sys

0x00FD5000 \SystemRoot\system32\drivers\volmgr.sys

0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E5C000 \SystemRoot\system32\drivers\pciide.sys

0x00FEA000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x00D88000 \SystemRoot\System32\drivers\mountmgr.sys

0x00DA2000 \SystemRoot\system32\drivers\atapi.sys

0x00DAB000 \SystemRoot\system32\drivers\ataport.SYS

0x00DD5000 \SystemRoot\system32\DRIVERS\jraid.sys

0x01086000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x010B5000 \SystemRoot\system32\drivers\amdxata.sys

0x010C0000 \SystemRoot\system32\drivers\fltmgr.sys

0x0110C000 \SystemRoot\system32\drivers\fileinfo.sys

0x01120000 \SystemRoot\system32\DRIVERS\Lbd.sys

0x01233000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01135000 \SystemRoot\System32\Drivers\msrpc.sys

0x013D6000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01000000 \SystemRoot\System32\Drivers\cng.sys

0x01200000 \SystemRoot\System32\drivers\pcw.sys

0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x014D9000 \SystemRoot\system32\drivers\ndis.sys

0x01400000 \SystemRoot\system32\drivers\NETIO.SYS

0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01611000 \SystemRoot\System32\drivers\tcpip.sys

0x01815000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0185F000 \SystemRoot\system32\drivers\volsnap.sys

0x018AB000 \SystemRoot\System32\Drivers\spldr.sys

0x018B3000 \SystemRoot\System32\drivers\rdyboost.sys

0x018ED000 \SystemRoot\System32\Drivers\mup.sys

0x018FF000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01908000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01942000 \SystemRoot\system32\DRIVERS\disk.sys

0x01958000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x019CE000 \SystemRoot\system32\drivers\cdrom.sys

0x01600000 \SystemRoot\System32\Drivers\Null.SYS

0x01609000 \SystemRoot\System32\Drivers\Beep.SYS

0x0148B000 \SystemRoot\System32\drivers\vga.sys

0x01499000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x014BE000 \SystemRoot\System32\drivers\watchdog.sys

0x014CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x015CC000 \SystemRoot\system32\drivers\rdpencdd.sys

0x015D5000 \SystemRoot\system32\drivers\rdprefmp.sys

0x015DE000 \SystemRoot\System32\Drivers\Msfs.SYS

0x015E9000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01193000 \SystemRoot\system32\DRIVERS\tdx.sys

0x0121B000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x040FD000 \SystemRoot\system32\drivers\afd.sys

0x04186000 \SystemRoot\System32\DRIVERS\netbt.sys

0x041CB000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x041D4000 \SystemRoot\system32\DRIVERS\pacer.sys

0x04000000 \SystemRoot\system32\DRIVERS\netbios.sys

0x0400F000 \SystemRoot\system32\DRIVERS\serial.sys

0x0402C000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04047000 \SystemRoot\system32\drivers\termdd.sys

0x0405B000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x040AC000 \SystemRoot\system32\drivers\nsiproxy.sys

0x040B8000 \SystemRoot\system32\drivers\mssmbios.sys

0x040C3000 \SystemRoot\System32\drivers\discache.sys

0x040D2000 \SystemRoot\System32\Drivers\dfsc.sys

0x011B5000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x011C6000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x044A3000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0F080000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0FCF7000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x0FCF9000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0F000000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0F046000 \SystemRoot\system32\drivers\usbuhci.sys

0x044B9000 \SystemRoot\system32\drivers\USBPORT.SYS

0x0F053000 \SystemRoot\system32\drivers\usbehci.sys

0x0450F000 \SystemRoot\system32\drivers\HDAudBus.sys

0x04533000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x04565000 \SystemRoot\system32\drivers\1394ohci.sys

0x0F064000 \SystemRoot\system32\DRIVERS\fdc.sys

0x0F071000 \SystemRoot\system32\DRIVERS\serenum.sys

0x0FDED000 \SystemRoot\system32\drivers\wmiacpi.sys

0x045A3000 \SystemRoot\system32\drivers\CompositeBus.sys

0x045B3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x045C9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x045ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04400000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0442F000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0444A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x0446B000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04485000 \SystemRoot\system32\DRIVERS\hamachi.sys

0x04490000 \SystemRoot\system32\drivers\kbdclass.sys

0x013F1000 \SystemRoot\system32\drivers\mouclass.sys

0x0FDF6000 \SystemRoot\system32\drivers\swenum.sys

0x04A77000 \SystemRoot\system32\drivers\ks.sys

0x04ABA000 \SystemRoot\system32\drivers\umbus.sys

0x04ACC000 \SystemRoot\system32\drivers\usbhub.sys

0x04B26000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0x04B31000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05C78000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05C00000 \SystemRoot\system32\drivers\portcls.sys

0x05C3D000 \SystemRoot\system32\drivers\drmk.sys

0x05C5F000 \SystemRoot\system32\drivers\ksthunk.sys

0x05DE2000 \SystemRoot\system32\drivers\usbccgp.sys

0x05C65000 \SystemRoot\system32\drivers\USBD.SYS

0x05C67000 \SystemRoot\system32\drivers\hidusb.sys

0x04B46000 \SystemRoot\system32\drivers\HIDCLASS.SYS

0x04B5F000 \SystemRoot\system32\drivers\HIDPARSE.SYS

0x04B68000 \SystemRoot\system32\drivers\kbdhid.sys

0x04B76000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x000B0000 \SystemRoot\System32\win32k.sys

0x04B83000 \SystemRoot\System32\drivers\Dxapi.sys

0x04B8F000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00550000 \SystemRoot\System32\TSDDD.dll

0x00610000 \SystemRoot\System32\cdd.dll

0x04B9D000 \SystemRoot\system32\drivers\luafv.sys

0x04BC0000 \SystemRoot\system32\drivers\WudfPf.sys

0x04BE1000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x04A00000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x06E4D000 \SystemRoot\system32\drivers\HTTP.sys

0x06F16000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x06F47000 \SystemRoot\system32\DRIVERS\bowser.sys

0x06F65000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x06F92000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x06E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x07016000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0707F000 \SystemRoot\System32\DRIVERS\srv.sys

0x07117000 \SystemRoot\system32\DRIVERS\udfs.sys

0x0716C000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0717A000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0x07184000 \SystemRoot\System32\Drivers\dump_JRAID.sys

0x0719F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x071B2000 \SystemRoot\system32\drivers\npf.sys

0x076E4000 \SystemRoot\system32\drivers\peauth.sys

0x0778A000 \SystemRoot\System32\Drivers\secdrv.SYS

0x07795000 \SystemRoot\System32\drivers\tcpipreg.sys

0x077A7000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

0x077AE000 \SystemRoot\System32\Drivers\fastfat.SYS

0x07671000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x0767C000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x77120000 \Windows\System32\ntdll.dll

0x48300000 \Windows\System32\smss.exe

0xFF440000 \Windows\System32\apisetschema.dll

Processes (total 69):

0 System Idle Process

4 System

320 C:\Windows\System32\smss.exe

452 csrss.exe

528 C:\Windows\System32\wininit.exe

556 csrss.exe

588 C:\Windows\System32\services.exe

616 C:\Windows\System32\lsass.exe

624 C:\Windows\System32\lsm.exe

732 C:\Windows\System32\svchost.exe

796 C:\Windows\System32\nvvsvc.exe

820 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

876 C:\Windows\System32\svchost.exe

924 C:\Windows\System32\winlogon.exe

992 C:\Windows\System32\svchost.exe

140 C:\Windows\System32\svchost.exe

392 C:\Windows\System32\svchost.exe

1056 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

1100 C:\Windows\System32\svchost.exe

1220 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1232 C:\Windows\System32\nvvsvc.exe

1496 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

1676 C:\Windows\System32\spoolsv.exe

1936 C:\Windows\System32\svchost.exe

1972 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

1992 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

2028 C:\Program Files\Common Files\Motive\McciCMService.exe

1372 C:\Windows\SysWOW64\PnkBstrA.exe

1532 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

444 C:\Windows\System32\svchost.exe

1708 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

544 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2088 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2432 unsecapp.exe

2520 WmiPrvSE.exe

2656 C:\Windows\System32\taskhost.exe

2736 C:\Windows\System32\dwm.exe

2760 C:\Windows\explorer.exe

1912 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

2440 C:\Windows\RAVCpl64.exe

2968 C:\Program Files\Zune\ZuneLauncher.exe

2948 C:\Program Files (x86)\Steam\Steam.exe

1420 C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe

1452 C:\Users\Kamarill\AppData\Local\Apps\F.lux\flux.exe

2148 C:\Program Files (x86)\Skype\Phone\Skype.exe

2756 C:\Users\Kamarill\AppData\Roaming\Dropbox\bin\Dropbox.exe

2124 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

2900 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

3076 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

3096 C:\Program Files (x86)\Creative\SB Arena Surround Headset\Volume Panel\VolPanlu.exe

3120 C:\Windows\SysWOW64\rundll32.exe

3172 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

3200 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe

3356 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3404 C:\Windows\System32\svchost.exe

3928 C:\Windows\System32\SearchIndexer.exe

4088 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

428 C:\Windows\System32\svchost.exe

3032 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2160 C:\Program Files (x86)\Internet Explorer\iexplore.exe

1980 C:\Program Files (x86)\Internet Explorer\iexplore.exe

4028 C:\Program Files (x86)\Internet Explorer\iexplore.exe

4780 C:\Program Files (x86)\Internet Explorer\iexplore.exe

1376 C:\Program Files (x86)\Internet Explorer\iexplore.exe

4624 C:\Program Files (x86)\Internet Explorer\iexplore.exe

5148 C:\Program Files (x86)\Internet Explorer\iexplore.exe

5480 C:\Windows\System32\audiodg.exe

5940 C:\Users\Kamarill\Desktop\MBRCheck.exe

5956 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00E3A0, Rev: 05.01D05

Size Device Name MBR Status

--------------------------------------------

596 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Thanks for the help!

D-FRED-BROWN · December 26, 2011

Thank you for the welcomes! The delay was no issue; it gave me no excuse to spend Christmas with my family (and I hope your holidays were good as well!)

No problem, and Merry Christmas to you as well!

Your MBRCheck log shows a suspicious entry that I'd like to take a deeper look at.

Please do the following:

----------

Please do the following:

Please download aswMBR.exe from here and save it to your Desktop.
Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
Click Scan
Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

----------

Next, please dump the MBR using MBRCheck:

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:

Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 (zero) and press Enter

The following dialog will be presented:

Enter filename to dump to:

Type mbr-dump.dat and press Enter

The following dialog will be presented:

Dumped successfully!
Enter the physical disk to dump (0-99, -1 to exit):

Enter -1 and press Enter

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter.

A file mbr-dump.dat will be produced on the desktop. Now you have to compress this file:

Right click on it
Navigate and select Send to
Then navigate and select Compressed (zipped) Folder
A file mbr-dump.zip will be produced on the desktop

Please attach this file (mbr-dump.zip) in your next reply.

----------

In your next reply, please include:

aswMBR report & MBR.dat zip file
mbr-dump.dat zip file

Kamarill · December 26, 2011

I have attached both files as requested. Thanks!

MBR.zip

MBRCheck_12.26.11_01.09.10.zip

D-FRED-BROWN · December 26, 2011

Hello

You sent me the wrong MBRCheck report- what we're after right now is mbr-dump.dat. Please attach that file (you'll have to make it a Compressed (zipped) Folder, see my previous post for instructions) and upload it here if possible. If you're having trouble, just ask .

-DFB

Kamarill · December 27, 2011

Woops, must've clicked the wrong file.

I'd also like to post this most recent MBAM log, which I ran after I noticed most outgoing connections were blocked on some ports.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122602

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/26/2011 5:57:46 PM

mbam-log-2011-12-26 (17-57-46).txt

Scan type: Quick scan

Objects scanned: 200542

Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\42EB02.exe (Trojan.Email) -> Quarantined and deleted successfully.

c:\Windows\System32\42eb02.exe_ (Trojan.Email) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\42EB02.exe (Trojan.Email) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\42eb02.exe_ (Trojan.Email) -> Quarantined and deleted successfully.

mbr-dump.zip

D-FRED-BROWN · December 27, 2011

You've got quite a nasty infection. The procedure we'll use to remove it requires that you be precise and exact with the instructions I give you- if you have questions, please ask before proceeding with anything.

Please print these instructions- it will make it easier for you to follow these instructions if you have a paper copy handy with you.

--------

For x64 bit systems download MBRFix64 and save it to the C:\ drive.

Next, please download and save the following file onto the same flash drive: newMBR.bin and save it to the C:\ drive.

Again, BOTH files need to be saved to the directly to the C:\ drive!

(Ex: C:\MBRFix64.exe, C:\newMBR.bin)

--------

Once you have done that, please do the following:

On Windows 7: Now please enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

--------

This time, select Command Prompt.

In the Command Prompt window, please type the following (in bold):

MbrFix64 /drive 0 restorembr newMBR.bin

Then, press Enter.

Next, type exit and press Enter.

Reboot the computer. Let me know if that resolves the issue

Kamarill · December 27, 2011

I was unable to do this, as I waited about one hour and the loading bar did not budge in the slightest.

Attempting to repair it with my Windows CD got me to the part where you select which drive you wanted to repair, but my drive never popped up.

D-FRED-BROWN · December 27, 2011

Let's try a different method:

Please try the following. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

Insert your USB drive
Press Start > My Computer > right click your USB drive > choose Format > Quick format
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Press Run then OK
It will install a little bootable OS on your USB
After it has completed do not choose to reboot the clean computer simply close the installer
Remove the USB and insert it in the sick computer
Boot the Sick computer
Press F12 and choose to boot from the USB
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Press Tool at the top
Choose Open Terminal
Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

D-FRED-BROWN · January 1, 2012

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.

If not, please let me know so I can close this topic.

-DFB

screen317 · February 22, 2012

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

screen317 · February 28, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

PING.EXE issues

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information