
Alereon not going away


Twotone


MSE finds it but doesn't remove it. It just comes right back after reboot. TDSSKiller also does not remove it. I have removed MSE to try Eset trial but it will not install. Help is appreciated.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Jeremy at 20:08:52 on 2011-12-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2649 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\Acer Bio Protection\BASVC.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.EXE

C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5739g&r=27360210x116l0323z1j6t4824u248

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5739g&r=27360210x116l0323z1j6t4824u248

mDefault_Page_URL = hxxp://www.yahoo.com

mStart Page = hxxp://www.yahoo.com

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"

mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621}\051627B6027427F667560294E6E60273820392 : DhcpNameServer = 66.184.128.38 207.230.75.50

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621}\054594 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621}\34F6D666F6274794E6E6 : DhcpNameServer = 66.184.128.38 207.230.75.50

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621}\46C696E6B6 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621}\84166756E6F66686F60756 : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{AAF3B208-519F-47B9-B750-E64A649F5621}\F40756E64435C4 : DhcpNameServer = 192.168.254.254 192.168.254.254

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Notification Packages = C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"

mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

mRun-x64: [YSearchProtection] "C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

IE-X64: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 69.72.252.254 www.google-analytics.com.

Hosts: 69.72.252.254 ad-emea.doubleclick.net.

Hosts: 69.72.252.254 www.statcounter.com.

Hosts: 184.95.41.155 www.google-analytics.com.

Hosts: 184.95.41.155 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-8-22 796192]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 IGBASVC;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-8-5 3453440]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 nuvotoncir;Nuvoton IR Transceiver;C:\Windows\system32\DRIVERS\nuvotoncir.sys --> C:\Windows\system32\DRIVERS\nuvotoncir.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]

S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-8-22 253952]

S3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-23 23:25:50 -------- d-----w- C:\Program Files\ESET

2011-12-23 20:51:38 -------- d-----w- C:\Program Files (x86)\ESET

2011-12-23 07:29:34 -------- d-----w- C:\ProgramData\Hitman Pro

2011-12-23 06:13:26 -------- d-----w- C:\Program Files (x86)\UVK

2011-12-23 03:59:52 -------- d-----w- C:\Users\Jeremy\AppData\Local\SWTOR

2011-12-23 03:53:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-12-23 03:45:52 -------- d-----w- C:\TDSSKiller_Quarantine

2011-12-21 07:28:25 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll

2011-12-21 07:28:25 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll

2011-12-21 05:57:39 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2011-12-21 01:58:53 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\Malwarebytes

2011-12-21 01:58:45 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-21 01:58:42 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-21 01:58:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-21 01:54:01 -------- d-----w- C:\Users\Jeremy\AppData\Roaming\SUPERAntiSpyware.com

2011-12-20 20:59:14 -------- d-----we C:\Windows\system64

2011-12-15 03:18:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-12-15 03:18:31 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-12-21 02:28:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-30 03:16:49 210966246 ----a-w- C:\Bejeweled 3.exe

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 20:10:36.23 ===============

Attach.zip


Hello Twotone and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

-------------

In your next reply, please include:

  • aswMBR log and MBR.dat zip file
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

How is your computer running now?


MBR and MBR.dat

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software

Run date: 2011-12-26 10:32:01

-----------------------------

10:32:01.195 OS Version: Windows x64 6.1.7601 Service Pack 1

10:32:01.195 Number of processors: 2 586 0x170A

10:32:01.195 ComputerName: ACER-PC UserName: Jeremy

10:32:02.490 Initialize success

10:32:50.978 AVAST engine defs: 11122501

10:35:37.165 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:35:37.165 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3

10:35:37.196 Disk 0 MBR read successfully

10:35:37.196 Disk 0 MBR scan

10:35:37.212 Disk 0 Windows 7 default MBR code

10:35:37.227 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048

10:35:37.290 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 25167872

10:35:37.321 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32507904

10:35:37.336 Disk 0 Partition - 00 0F Extended LBA 289271 MB offset 32712704

10:35:37.383 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 289270 MB offset 32714752

10:35:37.383 Service scanning

10:35:38.304 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

10:35:38.943 Modules scanning

10:35:38.943 Disk 0 trace - called modules:

10:35:39.006 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

10:35:39.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005789060]

10:35:39.021 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> [0xfffffa8003cf1e40]

10:35:39.021 5 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004687050]

10:35:41.096 AVAST engine scan C:\Windows

10:35:48.849 AVAST engine scan C:\Windows\system32

10:36:15.603 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]

10:38:40.590 AVAST engine scan C:\Windows\system32\drivers

10:38:55.769 AVAST engine scan C:\Users\Jeremy

10:41:08.696 AVAST engine scan C:\ProgramData

10:42:53.497 Scan finished successfully

10:43:50.578 Disk 0 MBR has been saved successfully to "C:\Users\Jeremy\Desktop\MBR.dat"

10:43:50.578 The log file has been saved successfully to "C:\Users\Jeremy\Desktop\aswMBR.txt"

MBR.zip


TDSSKiller, Combofix and MBRCheck:

10:46:38.0713 4260 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

10:46:39.0321 4260 ============================================================

10:46:39.0321 4260 Current date / time: 2011/12/26 10:46:39.0321

10:46:39.0321 4260 SystemInfo:

10:46:39.0321 4260

10:46:39.0321 4260 OS Version: 6.1.7601 ServicePack: 1.0

10:46:39.0321 4260 Product type: Workstation

10:46:39.0321 4260 ComputerName: ACER-PC

10:46:39.0321 4260 UserName: Jeremy

10:46:39.0321 4260 Windows directory: C:\Windows

10:46:39.0321 4260 System windows directory: C:\Windows

10:46:39.0321 4260 Running under WOW64

10:46:39.0321 4260 Processor architecture: Intel x64

10:46:39.0321 4260 Number of processors: 2

10:46:39.0321 4260 Page size: 0x1000

10:46:39.0321 4260 Boot type: Normal boot

10:46:39.0321 4260 ============================================================

10:46:39.0774 4260 Initialize success

10:46:42.0192 4816 ============================================================

10:46:42.0192 4816 Scan started

10:46:42.0192 4816 Mode: Manual;

10:46:42.0192 4816 ============================================================

10:46:48.0463 4816 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:46:48.0463 4816 1394ohci - ok

10:46:48.0588 4816 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:46:48.0588 4816 ACPI - ok

10:46:48.0760 4816 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:46:48.0760 4816 AcpiPmi - ok

10:46:48.0978 4816 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:46:48.0994 4816 adp94xx - ok

10:46:49.0118 4816 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:46:49.0134 4816 adpahci - ok

10:46:49.0306 4816 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:46:49.0306 4816 adpu320 - ok

10:46:49.0586 4816 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

10:46:49.0586 4816 AFD - ok

10:46:49.0758 4816 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys

10:46:49.0774 4816 AgereSoftModem - ok

10:46:49.0898 4816 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:46:49.0898 4816 agp440 - ok

10:46:50.0101 4816 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:46:50.0101 4816 aliide - ok

10:46:50.0132 4816 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:46:50.0132 4816 amdide - ok

10:46:50.0320 4816 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:46:50.0320 4816 AmdK8 - ok

10:46:50.0460 4816 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:46:50.0460 4816 AmdPPM - ok

10:46:50.0600 4816 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:46:50.0600 4816 amdsata - ok

10:46:50.0725 4816 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:46:50.0725 4816 amdsbs - ok

10:46:50.0897 4816 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:46:50.0897 4816 amdxata - ok

10:46:51.0068 4816 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:46:51.0068 4816 AppID - ok

10:46:51.0193 4816 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:46:51.0209 4816 arc - ok

10:46:51.0380 4816 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:46:51.0380 4816 arcsas - ok

10:46:51.0505 4816 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:46:51.0505 4816 AsyncMac - ok

10:46:51.0692 4816 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:46:51.0692 4816 atapi - ok

10:46:51.0989 4816 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\drivers\atikmdag.sys

10:46:52.0036 4816 atikmdag - ok

10:46:52.0332 4816 AVerFx2hbtv64 (56340775ceb97a9cf2caed7a9458c2b8) C:\Windows\system32\drivers\AVerFx2hbtv64.sys

10:46:52.0332 4816 AVerFx2hbtv64 - ok

10:46:52.0488 4816 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:46:52.0488 4816 b06bdrv - ok

10:46:52.0644 4816 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:46:52.0644 4816 b57nd60a - ok

10:46:52.0862 4816 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:46:52.0862 4816 Beep - ok

10:46:52.0987 4816 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:46:52.0987 4816 blbdrive - ok

10:46:53.0112 4816 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:46:53.0112 4816 bowser - ok

10:46:53.0252 4816 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:46:53.0252 4816 BrFiltLo - ok

10:46:53.0377 4816 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:46:53.0377 4816 BrFiltUp - ok

10:46:53.0502 4816 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:46:53.0502 4816 Brserid - ok

10:46:53.0658 4816 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:46:53.0658 4816 BrSerWdm - ok

10:46:53.0767 4816 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:46:53.0767 4816 BrUsbMdm - ok

10:46:53.0892 4816 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:46:53.0892 4816 BrUsbSer - ok

10:46:54.0095 4816 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:46:54.0095 4816 BTHMODEM - ok

10:46:54.0282 4816 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:46:54.0282 4816 cdfs - ok

10:46:54.0438 4816 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:46:54.0454 4816 cdrom - ok

10:46:54.0656 4816 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:46:54.0656 4816 circlass - ok

10:46:54.0828 4816 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:46:54.0828 4816 CLFS - ok

10:46:55.0015 4816 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:46:55.0015 4816 CmBatt - ok

10:46:55.0202 4816 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:46:55.0202 4816 cmdide - ok

10:46:55.0374 4816 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

10:46:55.0390 4816 CNG - ok

10:46:55.0514 4816 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:46:55.0514 4816 Compbatt - ok

10:46:55.0904 4816 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:46:55.0904 4816 CompositeBus - ok

10:46:56.0045 4816 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:46:56.0045 4816 crcdisk - ok

10:46:56.0248 4816 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:46:56.0248 4816 DfsC - ok

10:46:56.0419 4816 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:46:56.0435 4816 discache - ok

10:46:56.0544 4816 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:46:56.0560 4816 Disk - ok

10:46:56.0591 4816 DKbFltr - ok

10:46:56.0731 4816 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:46:56.0731 4816 drmkaud - ok

10:46:56.0903 4816 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:46:56.0934 4816 DXGKrnl - ok

10:46:57.0152 4816 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:46:57.0262 4816 ebdrv - ok

10:46:57.0480 4816 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:46:57.0496 4816 elxstor - ok

10:46:57.0808 4816 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:46:57.0808 4816 ErrDev - ok

10:46:58.0026 4816 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:46:58.0026 4816 exfat - ok

10:46:58.0135 4816 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:46:58.0135 4816 fastfat - ok

10:46:58.0276 4816 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:46:58.0291 4816 fdc - ok

10:46:58.0416 4816 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:46:58.0432 4816 FileInfo - ok

10:46:58.0572 4816 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:46:58.0572 4816 Filetrace - ok

10:46:58.0666 4816 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:46:58.0666 4816 flpydisk - ok

10:46:58.0790 4816 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:46:58.0806 4816 FltMgr - ok

10:46:58.0993 4816 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:46:58.0993 4816 FsDepends - ok

10:46:59.0102 4816 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

10:46:59.0118 4816 fssfltr - ok

10:46:59.0212 4816 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:46:59.0212 4816 Fs_Rec - ok

10:46:59.0570 4816 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:46:59.0570 4816 fvevol - ok

10:46:59.0664 4816 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:46:59.0664 4816 gagp30kx - ok

10:46:59.0836 4816 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:46:59.0836 4816 hcw85cir - ok

10:46:59.0992 4816 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:46:59.0992 4816 HdAudAddService - ok

10:47:00.0163 4816 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:47:00.0163 4816 HDAudBus - ok

10:47:00.0257 4816 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:47:00.0257 4816 HidBatt - ok

10:47:00.0350 4816 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:47:00.0350 4816 HidBth - ok

10:47:00.0506 4816 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:47:00.0506 4816 HidIr - ok

10:47:00.0725 4816 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:47:00.0725 4816 HidUsb - ok

10:47:00.0912 4816 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:47:00.0912 4816 HpSAMD - ok

10:47:01.0052 4816 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:47:01.0084 4816 HTTP - ok

10:47:01.0240 4816 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:47:01.0240 4816 hwpolicy - ok

10:47:01.0442 4816 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:47:01.0442 4816 i8042prt - ok

10:47:01.0630 4816 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

10:47:01.0645 4816 iaStor - ok

10:47:02.0066 4816 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:47:02.0066 4816 iaStorV - ok

10:47:02.0176 4816 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:47:02.0191 4816 iirsp - ok

10:47:02.0347 4816 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys

10:47:02.0347 4816 int15.sys - ok

10:47:02.0597 4816 IntcAzAudAddService (430aab6c09af99d5beb311795349e9dd) C:\Windows\system32\drivers\RTKVHD64.sys

10:47:02.0659 4816 IntcAzAudAddService - ok

10:47:02.0800 4816 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:47:02.0800 4816 intelide - ok

10:47:02.0909 4816 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:47:02.0924 4816 intelppm - ok

10:47:03.0065 4816 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:47:03.0065 4816 IpFilterDriver - ok

10:47:03.0158 4816 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:47:03.0158 4816 IPMIDRV - ok

10:47:03.0361 4816 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:47:03.0361 4816 IPNAT - ok

10:47:03.0470 4816 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:47:03.0470 4816 IRENUM - ok

10:47:03.0642 4816 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:47:03.0642 4816 isapnp - ok

10:47:03.0845 4816 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:47:03.0845 4816 iScsiPrt - ok

10:47:04.0063 4816 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:47:04.0063 4816 kbdclass - ok

10:47:04.0188 4816 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:47:04.0188 4816 kbdhid - ok

10:47:04.0297 4816 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

10:47:04.0297 4816 KSecDD - ok

10:47:04.0453 4816 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

10:47:04.0469 4816 KSecPkg - ok

10:47:04.0625 4816 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:47:04.0625 4816 ksthunk - ok

10:47:04.0765 4816 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys

10:47:04.0765 4816 L1C - ok

10:47:05.0046 4816 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:47:05.0046 4816 lltdio - ok

10:47:05.0389 4816 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:47:05.0389 4816 LSI_FC - ok

10:47:05.0498 4816 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:47:05.0498 4816 LSI_SAS - ok

10:47:05.0654 4816 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:47:05.0670 4816 LSI_SAS2 - ok

10:47:05.0826 4816 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:47:05.0826 4816 LSI_SCSI - ok

10:47:05.0951 4816 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:47:05.0951 4816 luafv - ok

10:47:06.0076 4816 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:47:06.0076 4816 megasas - ok

10:47:06.0247 4816 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:47:06.0263 4816 MegaSR - ok

10:47:06.0388 4816 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:47:06.0388 4816 Modem - ok

10:47:06.0575 4816 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:47:06.0575 4816 monitor - ok

10:47:06.0762 4816 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:47:06.0762 4816 mouclass - ok

10:47:06.0949 4816 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:47:06.0949 4816 mouhid - ok

10:47:07.0090 4816 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:47:07.0090 4816 mountmgr - ok

10:47:07.0339 4816 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

10:47:07.0339 4816 MpFilter - ok

10:47:07.0448 4816 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:47:07.0448 4816 mpio - ok

10:47:07.0558 4816 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

10:47:07.0558 4816 MpNWMon - ok

10:47:07.0651 4816 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:47:07.0667 4816 mpsdrv - ok

10:47:07.0792 4816 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:47:07.0792 4816 MRxDAV - ok

10:47:07.0916 4816 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:47:07.0916 4816 mrxsmb - ok

10:47:08.0088 4816 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:47:08.0088 4816 mrxsmb10 - ok

10:47:08.0213 4816 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:47:08.0213 4816 mrxsmb20 - ok

10:47:08.0322 4816 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:47:08.0322 4816 msahci - ok

10:47:08.0447 4816 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:47:08.0447 4816 msdsm - ok

10:47:08.0540 4816 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:47:08.0556 4816 Msfs - ok

10:47:08.0634 4816 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:47:08.0634 4816 mshidkmdf - ok

10:47:08.0728 4816 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:47:08.0728 4816 msisadrv - ok

10:47:08.0868 4816 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:47:08.0868 4816 MSKSSRV - ok

10:47:09.0102 4816 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:47:09.0102 4816 MSPCLOCK - ok

10:47:09.0289 4816 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:47:09.0289 4816 MSPQM - ok

10:47:09.0508 4816 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:47:09.0508 4816 MsRPC - ok

10:47:09.0742 4816 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:47:09.0742 4816 mssmbios - ok

10:47:09.0882 4816 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:47:09.0882 4816 MSTEE - ok

10:47:10.0007 4816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:47:10.0007 4816 MTConfig - ok

10:47:10.0319 4816 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:47:10.0319 4816 Mup - ok

10:47:10.0459 4816 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:47:10.0475 4816 NativeWifiP - ok

10:47:10.0646 4816 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:47:10.0678 4816 NDIS - ok

10:47:10.0818 4816 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:47:10.0818 4816 NdisCap - ok

10:47:10.0943 4816 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:47:10.0943 4816 NdisTapi - ok

10:47:11.0114 4816 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:47:11.0114 4816 Ndisuio - ok

10:47:11.0520 4816 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:47:11.0520 4816 NdisWan - ok

10:47:11.0660 4816 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:47:11.0660 4816 NDProxy - ok

10:47:11.0770 4816 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:47:11.0770 4816 NetBIOS - ok

10:47:11.0910 4816 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:47:11.0910 4816 NetBT - ok

10:47:12.0238 4816 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

10:47:12.0409 4816 NETw5s64 - ok

10:47:12.0737 4816 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys

10:47:12.0877 4816 netw5v64 - ok

10:47:13.0080 4816 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:47:13.0080 4816 nfrd960 - ok

10:47:13.0330 4816 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

10:47:13.0330 4816 NisDrv - ok

10:47:13.0454 4816 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:47:13.0454 4816 Npfs - ok

10:47:13.0595 4816 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:47:13.0595 4816 nsiproxy - ok

10:47:13.0735 4816 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:47:13.0813 4816 Ntfs - ok

10:47:14.0000 4816 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

10:47:14.0000 4816 NTIDrvr - ok

10:47:14.0125 4816 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:47:14.0125 4816 Null - ok

10:47:14.0328 4816 nuvotoncir (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys

10:47:14.0344 4816 nuvotoncir - ok

10:47:14.0453 4816 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys

10:47:14.0468 4816 NVHDA - ok

10:47:14.0968 4816 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:47:15.0311 4816 nvlddmkm - ok

10:47:15.0482 4816 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:47:15.0482 4816 nvraid - ok

10:47:15.0654 4816 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:47:15.0670 4816 nvstor - ok

10:47:15.0826 4816 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:47:15.0826 4816 nv_agp - ok

10:47:15.0919 4816 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:47:15.0919 4816 ohci1394 - ok

10:47:16.0075 4816 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:47:16.0091 4816 Parport - ok

10:47:16.0231 4816 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:47:16.0247 4816 partmgr - ok

10:47:16.0387 4816 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:47:16.0387 4816 pci - ok

10:47:16.0481 4816 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:47:16.0481 4816 pciide - ok

10:47:16.0574 4816 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:47:16.0574 4816 pcmcia - ok

10:47:16.0808 4816 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

10:47:16.0808 4816 pcouffin - ok

10:47:16.0949 4816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:47:16.0949 4816 pcw - ok

10:47:17.0089 4816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:47:17.0105 4816 PEAUTH - ok

10:47:17.0308 4816 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys

10:47:17.0308 4816 Point64 - ok

10:47:17.0495 4816 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:47:17.0495 4816 PptpMiniport - ok

10:47:17.0822 4816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:47:17.0822 4816 Processor - ok

10:47:17.0963 4816 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:47:17.0963 4816 Psched - ok

10:47:18.0088 4816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:47:18.0150 4816 ql2300 - ok

10:47:18.0259 4816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:47:18.0259 4816 ql40xx - ok

10:47:18.0462 4816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:47:18.0462 4816 QWAVEdrv - ok

10:47:18.0696 4816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:47:18.0696 4816 RasAcd - ok

10:47:18.0836 4816 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:47:18.0836 4816 RasAgileVpn - ok

10:47:18.0992 4816 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:47:18.0992 4816 Rasl2tp - ok

10:47:19.0133 4816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:47:19.0133 4816 RasPppoe - ok

10:47:19.0273 4816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:47:19.0273 4816 RasSstp - ok

10:47:19.0429 4816 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:47:19.0429 4816 rdbss - ok

10:47:19.0648 4816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:47:19.0648 4816 rdpbus - ok

10:47:19.0819 4816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:47:19.0819 4816 RDPCDD - ok

10:47:19.0960 4816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:47:19.0960 4816 RDPENCDD - ok

10:47:20.0053 4816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:47:20.0069 4816 RDPREFMP - ok

10:47:20.0162 4816 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:47:20.0162 4816 RDPWD - ok

10:47:20.0303 4816 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:47:20.0303 4816 rdyboost - ok

10:47:20.0506 4816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:47:20.0506 4816 rspndr - ok

10:47:20.0630 4816 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys

10:47:20.0646 4816 RSUSBSTOR - ok

10:47:20.0771 4816 RtsUIR - ok

10:47:20.0927 4816 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

10:47:20.0927 4816 SASDIFSV - ok

10:47:21.0067 4816 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

10:47:21.0067 4816 SASKUTIL - ok

10:47:21.0176 4816 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:47:21.0176 4816 sbp2port - ok

10:47:21.0395 4816 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:47:21.0395 4816 scfilter - ok

10:47:21.0520 4816 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:47:21.0520 4816 secdrv - ok

10:47:21.0722 4816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:47:21.0722 4816 Serenum - ok

10:47:21.0878 4816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:47:21.0878 4816 Serial - ok

10:47:22.0034 4816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:47:22.0050 4816 sermouse - ok

10:47:22.0331 4816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:47:22.0331 4816 sffdisk - ok

10:47:22.0580 4816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:47:22.0580 4816 sffp_mmc - ok

10:47:22.0690 4816 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:47:22.0690 4816 sffp_sd - ok

10:47:22.0814 4816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:47:22.0814 4816 sfloppy - ok

10:47:22.0955 4816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:47:22.0955 4816 SiSRaid2 - ok

10:47:23.0064 4816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:47:23.0064 4816 SiSRaid4 - ok

10:47:23.0360 4816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:47:23.0360 4816 Smb - ok

10:47:23.0657 4816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:47:23.0657 4816 spldr - ok

10:47:23.0844 4816 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:47:23.0844 4816 srv - ok

10:47:23.0969 4816 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:47:23.0969 4816 srv2 - ok

10:47:24.0203 4816 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:47:24.0203 4816 srvnet - ok

10:47:24.0359 4816 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:47:24.0359 4816 stexstor - ok

10:47:24.0499 4816 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:47:24.0499 4816 swenum - ok

10:47:24.0640 4816 SynTP (924d711941956f7420a4925592be8253) C:\Windows\system32\DRIVERS\SynTP.sys

10:47:24.0655 4816 SynTP - ok

10:47:24.0827 4816 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:47:24.0920 4816 Tcpip - ok

10:47:25.0092 4816 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:47:25.0108 4816 TCPIP6 - ok

10:47:25.0435 4816 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:47:25.0435 4816 tcpipreg - ok

10:47:25.0591 4816 TcUsb (951f59af0b707415f9e567d17ff2a7c0) C:\Windows\system32\Drivers\tcusb.sys

10:47:25.0591 4816 TcUsb - ok

10:47:25.0700 4816 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:47:25.0700 4816 TDPIPE - ok

10:47:25.0810 4816 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:47:25.0810 4816 TDTCP - ok

10:47:25.0934 4816 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:47:25.0934 4816 tdx - ok

10:47:26.0122 4816 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:47:26.0122 4816 TermDD - ok

10:47:26.0246 4816 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:47:26.0246 4816 tssecsrv - ok

10:47:26.0402 4816 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:47:26.0402 4816 TsUsbFlt - ok

10:47:26.0527 4816 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:47:26.0527 4816 tunnel - ok

10:47:26.0636 4816 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:47:26.0636 4816 uagp35 - ok

10:47:26.0730 4816 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

10:47:26.0730 4816 UBHelper - ok

10:47:26.0824 4816 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:47:26.0839 4816 udfs - ok

10:47:26.0964 4816 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:47:26.0964 4816 uliagpkx - ok

10:47:27.0089 4816 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:47:27.0089 4816 umbus - ok

10:47:27.0214 4816 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:47:27.0229 4816 UmPass - ok

10:47:27.0510 4816 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys

10:47:27.0510 4816 usbbus - ok

10:47:27.0650 4816 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:47:27.0650 4816 usbccgp - ok

10:47:27.0713 4816 USBCCID - ok

10:47:27.0806 4816 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:47:27.0806 4816 usbcir - ok

10:47:27.0947 4816 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys

10:47:27.0947 4816 UsbDiag - ok

10:47:28.0103 4816 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:47:28.0103 4816 usbehci - ok

10:47:28.0368 4816 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:47:28.0384 4816 usbhub - ok

10:47:28.0508 4816 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys

10:47:28.0508 4816 USBModem - ok

10:47:28.0820 4816 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:47:28.0820 4816 usbohci - ok

10:47:28.0914 4816 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:47:28.0914 4816 usbprint - ok

10:47:29.0070 4816 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

10:47:29.0070 4816 usbser - ok

10:47:29.0179 4816 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:47:29.0179 4816 USBSTOR - ok

10:47:29.0507 4816 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

10:47:29.0507 4816 usbuhci - ok

10:47:29.0710 4816 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:47:29.0710 4816 usbvideo - ok

10:47:30.0037 4816 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:47:30.0037 4816 vdrvroot - ok

10:47:30.0193 4816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:47:30.0193 4816 vga - ok

10:47:30.0302 4816 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:47:30.0302 4816 VgaSave - ok

10:47:30.0396 4816 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:47:30.0412 4816 vhdmp - ok

10:47:30.0552 4816 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:47:30.0552 4816 viaide - ok

10:47:30.0661 4816 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:47:30.0661 4816 volmgr - ok

10:47:30.0770 4816 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:47:30.0770 4816 volmgrx - ok

10:47:30.0880 4816 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:47:30.0880 4816 volsnap - ok

10:47:30.0989 4816 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:47:30.0989 4816 vsmraid - ok

10:47:31.0345 4816 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

10:47:31.0345 4816 vwifibus - ok

10:47:31.0525 4816 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:47:31.0525 4816 vwififlt - ok

10:47:31.0747 4816 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:47:31.0757 4816 WacomPen - ok

10:47:31.0897 4816 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:47:31.0907 4816 WANARP - ok

10:47:32.0087 4816 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:47:32.0097 4816 Wanarpv6 - ok

10:47:32.0257 4816 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:47:32.0257 4816 Wd - ok

10:47:32.0370 4816 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:47:32.0385 4816 Wdf01000 - ok

10:47:32.0541 4816 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:47:32.0541 4816 WfpLwf - ok

10:47:32.0713 4816 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:47:32.0728 4816 WIMMount - ok

10:47:32.0900 4816 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:47:32.0900 4816 WinUsb - ok

10:47:33.0072 4816 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:47:33.0072 4816 WmiAcpi - ok

10:47:33.0243 4816 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:47:33.0243 4816 ws2ifsl - ok

10:47:33.0384 4816 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:47:33.0384 4816 WudfPf - ok

10:47:33.0508 4816 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:47:33.0508 4816 WUDFRd - ok

10:47:33.0602 4816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:47:33.0649 4816 \Device\Harddisk0\DR0 - ok

10:47:33.0664 4816 Boot (0x1200) (067c89102a1c36de46816858afaf0cb4) \Device\Harddisk0\DR0\Partition0

10:47:33.0664 4816 \Device\Harddisk0\DR0\Partition0 - ok

10:47:33.0664 4816 Boot (0x1200) (873fdf16c9d5e04d75593ce5ebad0c7c) \Device\Harddisk0\DR0\Partition1

10:47:33.0664 4816 \Device\Harddisk0\DR0\Partition1 - ok

10:47:33.0664 4816 ============================================================

10:47:33.0664 4816 Scan finished

10:47:33.0664 4816 ============================================================

10:47:33.0680 2740 Detected object count: 0

10:47:33.0680 2740 Actual detected object count: 0

10:47:58.0359 4216 Deinitialize success
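Editor's note, added to this thread and not part of the original post or of Kaspersky's TDSSKiller: the log above is easier to act on once it is parsed into records. Each scanned object appears as a line with a hash and a path, followed by a verdict line (`name - ok`); a verdict line with no preceding hash line (such as `DKbFltr - ok`) is a registered service for which no file was hashed, and the `MBR (0x1B8)` / `Boot (0x1200)` entries are the raw boot sectors. The parser below reads that format and runs four triage checks: collects the MBR and boot-sector hashes (so two scans, one before cleaning and one after the reboot the poster mentions, can be compared to see whether those sectors were rewritten), lists services with no backing file, lists driver files loaded from outside `C:\Windows`, and lists anything whose verdict is not the plain `ok`. The sample input is excerpted from the log above, except for the `example_svc` lines, which are constructed (zero hash, made-up verdict text) purely to exercise the non-`ok` branch; the exact verdict wording TDSSKiller prints varies by version.

```python
"""Parse TDSSKiller scan output into records and run simple triage checks.
Added example for this thread; not code from the poster or from Kaspersky."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample excerpted from the log above. The two example_svc lines are
# constructed (all-zero hash, made-up verdict) to exercise the verdict check.
SAMPLE_LOG = r"""
10:46:54.0282 4816 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:46:54.0282 4816 cdfs - ok
10:46:56.0544 4816 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:46:56.0560 4816 Disk - ok
10:46:56.0591 4816 DKbFltr - ok
10:47:02.0347 4816 int15.sys (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\System32\OEM\Factory\int15.sys
10:47:02.0347 4816 int15.sys - ok
10:47:20.0927 4816 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:47:20.0927 4816 SASDIFSV - ok
10:47:33.0602 4816 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:47:33.0649 4816 \Device\Harddisk0\DR0 - ok
10:47:33.0664 4816 Boot (0x1200) (067c89102a1c36de46816858afaf0cb4) \Device\Harddisk0\DR0\Partition0
10:47:33.0664 4816 \Device\Harddisk0\DR0\Partition0 - ok
10:47:33.0700 4816 example_svc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\example_svc.sys
10:47:33.0700 4816 example_svc - detected Example.Verdict ( 0 )
10:47:33.0680 2740 Detected object count: 0
"""

# "<time> <pid> <name> (<md5>) <path>"  -- a hashed object
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
# "<time> <pid> <name> - <verdict>"     -- the verdict for that object
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+?)\s*$")

WINDIR = "c:\\windows\\"


@dataclass
class Record:
    name: str
    md5: Optional[str]     # None when TDSSKiller hashed no file for this entry
    path: Optional[str]
    status: Optional[str]  # None when no verdict line followed the hash line


def parse_tdsskiller(text: str) -> List[Record]:
    """Pair each hashed-object line with the verdict line that follows it."""
    records: List[Record] = []
    pending: Optional[Record] = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            if pending is not None:          # previous entry never got a verdict
                records.append(pending)
            pending = Record(m["name"], m["md5"].lower(), m["path"], None)
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue                          # summary lines, separators, etc.
        name, status = m["name"], m["status"]
        # Boot-sector verdicts are keyed by device path, drivers by service name.
        if pending is not None and name in (pending.name, pending.path):
            pending.status = status
            records.append(pending)
            pending = None
        else:
            if pending is not None:
                records.append(pending)
                pending = None
            records.append(Record(name, None, None, status))  # no file hashed
    if pending is not None:
        records.append(pending)
    return records


def sector_hashes(records: List[Record]) -> Dict[str, str]:
    """MBR/boot-sector hashes keyed by device path; diff between two scans."""
    return {r.path: r.md5 for r in records if r.path and r.path.startswith("\\Device\\")}


def registered_without_file(records: List[Record]) -> List[str]:
    """Services that received a verdict but had no file to hash."""
    return [r.name for r in records if r.md5 is None and not r.name.startswith("\\Device\\")]


def outside_windows(records: List[Record]) -> List[Record]:
    """Kernel modules loaded from outside C:\\Windows (third-party drivers)."""
    return [r for r in records if r.path and not r.path.startswith("\\Device\\")
            and not r.path.lower().startswith(WINDIR)]


def verdicts(records: List[Record]) -> List[Record]:
    """Everything whose verdict is missing or is anything other than 'ok'."""
    return [r for r in records if r.status is None or r.status.lower() != "ok"]


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("sector hashes:", sector_hashes(recs))
    print("no file hashed:", registered_without_file(recs))
    print("outside C:\\Windows:", [r.path for r in outside_windows(recs)])
    print("non-ok verdicts:", [(r.name, r.status) for r in verdicts(recs)])
```

Feed the full log into `parse_tdsskiller` (for example by reading the saved report file) rather than the excerpt; `registered_without_file` will commonly list inbox drivers that are registered but not installed, so it is a list to read, not a list of findings, and `outside_windows` is there to account for third-party kernel code, not to condemn it. The value of `sector_hashes` comes from running it on two reports: if the hash for `\Device\Harddisk0\DR0` differs between the scan taken before cleaning and the one after the reboot, the MBR was rewritten in between.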

ComboFix 11-12-26.01 - Jeremy 12/26/2011 10:49:51.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2451 [GMT -6:00]

Running from: c:\users\Jeremy\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll

c:\users\Jeremy\AppData\Roaming\inst.exe

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))

.

.

2011-12-26 17:00 . 2011-12-26 17:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6280B18D-C038-48A8-8CE6-DD8F4C83D18B}\offreg.dll

2011-12-26 16:59 . 2011-12-26 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-26 16:59 . 2011-12-26 16:59 -------- d-----w- c:\users\Becca\AppData\Local\temp

2011-12-26 16:33 . 2011-12-23 05:59 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-12-26 16:33 . 2011-12-23 05:59 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3521208-A05B-4F6B-A3B6-D30A56F181CD}\gapaengine.dll

2011-12-26 16:33 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6280B18D-C038-48A8-8CE6-DD8F4C83D18B}\mpengine.dll

2011-12-23 23:25 . 2011-12-23 23:25 -------- d-----w- c:\program files\ESET

2011-12-23 20:51 . 2011-12-23 20:51 -------- d-----w- c:\program files (x86)\ESET

2011-12-23 07:29 . 2011-12-26 17:53 -------- d-----w- c:\programdata\Hitman Pro

2011-12-23 06:13 . 2011-12-26 17:53 -------- d-----w- c:\program files (x86)\UVK

2011-12-23 05:56 . 2011-12-26 18:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-12-23 05:56 . 2011-12-26 18:23 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-23 03:59 . 2011-12-23 03:59 -------- d-----w- c:\users\Jeremy\AppData\Local\SWTOR

2011-12-23 03:53 . 2011-12-23 03:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-23 03:45 . 2011-12-23 03:53 -------- d-----w- C:\TDSSKiller_Quarantine

2011-12-21 07:28 . 2008-05-30 20:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll

2011-12-21 07:28 . 2008-05-30 20:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll

2011-12-21 05:57 . 2011-12-21 07:27 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-12-21 05:57 . 2011-12-21 05:57 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Malwarebytes

2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\programdata\Malwarebytes

2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-21 01:58 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 01:54 . 2011-12-21 01:54 -------- d-----w- c:\users\Jeremy\AppData\Roaming\SUPERAntiSpyware.com

2011-12-17 04:16 . 2011-12-19 04:47 -------- d-----w- c:\users\Becca\riotsGamesLogs

2011-12-15 03:18 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 03:18 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 02:28 . 2011-06-23 17:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-15 01:36 . 2010-04-08 21:23 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-06 18:43 . 2010-08-04 03:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-10-30 03:16 . 2011-10-30 03:07 210966246 ----a-w- C:\Bejeweled 3.exe

2011-09-29 16:29 . 2011-11-10 03:16 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]

"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3574784]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-26 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480]

"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-22 708608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-05 3453440]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000Core.job

- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02]

.

2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000UA.job

- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02]

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001Core.job

- c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56]

.

2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001UA.job

- c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"combofix"="c:\combofix\CF3897.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5739g&r=27360210x116l0323z1j6t4824u248

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-swg - c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

SafeBoot-62488446.sys

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2011-12-26 11:13:49 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-26 17:13

.

Pre-Run: 136,275,353,600 bytes free

Post-Run: 136,162,418,688 bytes free

.

- - End Of File - - DA5A0FE15F0D41DC9A1D58A4760F3864

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Acer

BIOS Manufacturer: Phoenix

System Manufacturer: Acer

System Product Name: Aspire 5739G

Logical Drives Mask: 0x00000014

Kernel Drivers (total 196):

0x03215000 \SystemRoot\system32\ntoskrnl.exe

0x037FE000 \SystemRoot\system32\hal.dll

0x00BCB000 \SystemRoot\system32\kdcom.dll

0x00C12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C61000 \SystemRoot\system32\PSHED.dll

0x00C75000 \SystemRoot\system32\CLFS.SYS

0x00CD3000 \SystemRoot\system32\CI.dll

0x00EEF000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F93000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00FA2000 \SystemRoot\system32\drivers\ACPI.sys

0x00E00000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00E09000 \SystemRoot\system32\drivers\msisadrv.sys

0x00E13000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00E20000 \SystemRoot\system32\drivers\pci.sys

0x00E53000 \SystemRoot\System32\drivers\partmgr.sys

0x00E68000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00E71000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E7D000 \SystemRoot\system32\drivers\volmgr.sys

0x00E92000 \SystemRoot\System32\drivers\volmgrx.sys

0x00D93000 \SystemRoot\System32\drivers\mountmgr.sys

0x0102F000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0114B000 \SystemRoot\system32\drivers\atapi.sys

0x01154000 \SystemRoot\system32\drivers\ataport.SYS

0x0117E000 \SystemRoot\system32\drivers\amdxata.sys

0x01189000 \SystemRoot\system32\drivers\fltmgr.sys

0x011D5000 \SystemRoot\system32\drivers\fileinfo.sys

0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys

0x0143C000 \SystemRoot\System32\Drivers\msrpc.sys

0x0149A000 \SystemRoot\System32\Drivers\ksecdd.sys

0x014B5000 \SystemRoot\System32\Drivers\cng.sys

0x01527000 \SystemRoot\System32\drivers\pcw.sys

0x01538000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01619000 \SystemRoot\system32\drivers\ndis.sys

0x0170C000 \SystemRoot\system32\drivers\NETIO.SYS

0x0176C000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01844000 \SystemRoot\System32\drivers\tcpip.sys

0x01A48000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01A92000 \SystemRoot\system32\drivers\volsnap.sys

0x01ADE000 \SystemRoot\System32\Drivers\spldr.sys

0x01AE6000 \SystemRoot\System32\drivers\rdyboost.sys

0x01B20000 \SystemRoot\System32\Drivers\mup.sys

0x01B32000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01B3B000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01B75000 \SystemRoot\system32\DRIVERS\disk.sys

0x01B8B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x02FBE000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x02E00000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x02E31000 \SystemRoot\System32\Drivers\Null.SYS

0x02E3A000 \SystemRoot\System32\Drivers\Beep.SYS

0x02E41000 \SystemRoot\System32\drivers\vga.sys

0x02E4F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x02E74000 \SystemRoot\System32\drivers\watchdog.sys

0x02E84000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x02FE8000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02FF1000 \SystemRoot\system32\drivers\rdprefmp.sys

0x01BC9000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01BD4000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys

0x01822000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01542000 \SystemRoot\system32\drivers\afd.sys

0x01797000 \SystemRoot\System32\DRIVERS\netbt.sys

0x0182F000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x015CB000 \SystemRoot\system32\DRIVERS\pacer.sys

0x01BE5000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x017DC000 \SystemRoot\system32\DRIVERS\netbios.sys

0x01400000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x017EB000 \SystemRoot\system32\drivers\termdd.sys

0x01838000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

0x01600000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

0x00DAD000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x0160A000 \SystemRoot\system32\drivers\nsiproxy.sys

0x0141B000 \SystemRoot\system32\drivers\mssmbios.sys

0x01426000 \SystemRoot\System32\drivers\discache.sys

0x013C8000 \SystemRoot\System32\Drivers\dfsc.sys

0x013E6000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02FFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x015F1000 \SystemRoot\system32\drivers\wmiacpi.sys

0x0F237000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0FF45000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x03EAE000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x03FA2000 \SystemRoot\System32\drivers\dxgmms1.sys

0x03E00000 \SystemRoot\system32\drivers\HDAudBus.sys

0x03E24000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x03E31000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x03E87000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x0409D000 \SystemRoot\system32\DRIVERS\NETw5s64.sys

0x0474A000 \SystemRoot\System32\drivers\vwifibus.sys

0x04757000 \SystemRoot\system32\DRIVERS\L1C62x64.sys

0x0476C000 \SystemRoot\system32\DRIVERS\nuvotoncir.sys

0x04782000 \SystemRoot\system32\drivers\i8042prt.sys

0x047A0000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys

0x047AC000 \SystemRoot\system32\drivers\kbdclass.sys

0x04000000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x0404C000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x0404E000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x0405D000 \??\C:\Windows\system32\drivers\UBHelper.sys

0x04065000 \??\C:\Windows\system32\drivers\NTIDrvr.sys

0x0406D000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x04083000 \SystemRoot\system32\drivers\CompositeBus.sys

0x047BB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x047D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x03E98000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x0FF47000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0FF76000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0FF91000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x0FFB2000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x03FE8000 \SystemRoot\System32\Drivers\pcouffin.sys

0x047F5000 \SystemRoot\system32\drivers\swenum.sys

0x04AA3000 \SystemRoot\system32\drivers\ks.sys

0x04AE6000 \SystemRoot\system32\DRIVERS\circlass.sys

0x04AF8000 \SystemRoot\system32\drivers\umbus.sys

0x04B0A000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04B64000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04B79000 \SystemRoot\system32\drivers\nvhda64v.sys

0x04B91000 \SystemRoot\system32\drivers\portcls.sys

0x04BCE000 \SystemRoot\system32\drivers\drmk.sys

0x04BF0000 \SystemRoot\system32\drivers\ksthunk.sys

0x05A0A000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05C92000 \SystemRoot\system32\DRIVERS\agrsm64.sys

0x05DC3000 \SystemRoot\system32\drivers\modem.sys

0x05DD2000 \SystemRoot\system32\DRIVERS\hidir.sys

0x05DE3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x05C00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05C09000 \SystemRoot\system32\drivers\kbdhid.sys

0x05C17000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x05C24000 \SystemRoot\System32\Drivers\tcusb.sys

0x00000000 \SystemRoot\System32\win32k.sys

0x05C37000 \SystemRoot\System32\drivers\Dxapi.sys

0x05C43000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05C60000 \SystemRoot\System32\Drivers\usbvideo.sys

0x05BF0000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00500000 \SystemRoot\System32\TSDDD.dll

0x006B0000 \SystemRoot\System32\cdd.dll

0x008E0000 \SystemRoot\System32\ATMFD.DLL

0x04A00000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x04A1D000 \SystemRoot\System32\Drivers\crashdmp.sys

0x02E8D000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x04A2B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x04A3E000 \SystemRoot\system32\drivers\luafv.sys

0x04A61000 \SystemRoot\system32\drivers\WudfPf.sys

0x04A82000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x02C61000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x02CB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x02CC7000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02CDF000 \SystemRoot\system32\drivers\HTTP.sys

0x02DA8000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x02DD9000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x05674000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x056C2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x056E6000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0574F000 \SystemRoot\System32\DRIVERS\srv.sys

0x07020000 \SystemRoot\system32\drivers\peauth.sys

0x070C6000 \SystemRoot\System32\Drivers\secdrv.SYS

0x070D1000 \SystemRoot\System32\drivers\tcpipreg.sys

0x07154000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x77790000 \Windows\System32\ntdll.dll

0x47D90000 \Windows\System32\smss.exe

0xFFAB0000 \Windows\System32\apisetschema.dll

0xFF810000 \Windows\System32\autochk.exe

0xFED10000 \Windows\System32\shell32.dll

0xFEC90000 \Windows\System32\shlwapi.dll

0xFEBC0000 \Windows\System32\usp10.dll

0x77960000 \Windows\System32\normaliz.dll

0x77950000 \Windows\System32\psapi.dll

0xFEA90000 \Windows\System32\wininet.dll

0xFEA10000 \Windows\System32\difxapi.dll

0x77670000 \Windows\System32\kernel32.dll

0xFEA00000 \Windows\System32\nsi.dll

0xFE8F0000 \Windows\System32\msctf.dll

0xFE7C0000 \Windows\System32\rpcrt4.dll

0xFE720000 \Windows\System32\clbcatq.dll

0xFE540000 \Windows\System32\setupapi.dll

0xFE330000 \Windows\System32\ole32.dll

0xFE1B0000 \Windows\System32\urlmon.dll

0xFE1A0000 \Windows\System32\lpk.dll

0xFE130000 \Windows\System32\gdi32.dll

0xFDED0000 \Windows\System32\iertutil.dll

0xFDDF0000 \Windows\System32\oleaut32.dll

0xFDDD0000 \Windows\System32\imagehlp.dll

0xFDD30000 \Windows\System32\msvcrt.dll

0xFDD00000 \Windows\System32\imm32.dll

0xFDCB0000 \Windows\System32\ws2_32.dll

0xFDC90000 \Windows\System32\sechost.dll

0x77570000 \Windows\System32\user32.dll

0xFDBF0000 \Windows\System32\comdlg32.dll

0xFDB10000 \Windows\System32\advapi32.dll

0xFDAB0000 \Windows\System32\Wldap32.dll

0xFDA70000 \Windows\System32\cfgmgr32.dll

0xFDA30000 \Windows\System32\wintrust.dll

0xFD9C0000 \Windows\System32\KernelBase.dll

0xFD850000 \Windows\System32\crypt32.dll

0xFD830000 \Windows\System32\devobj.dll

0xFD790000 \Windows\System32\comctl32.dll

0xFD780000 \Windows\System32\msasn1.dll

Processes (total 67):

0 System Idle Process

4 System

304 C:\Windows\System32\smss.exe

468 csrss.exe

532 C:\Windows\System32\wininit.exe

548 csrss.exe

584 C:\Windows\System32\services.exe

608 C:\Windows\System32\lsass.exe

616 C:\Windows\System32\lsm.exe

700 C:\Windows\System32\winlogon.exe

756 C:\Windows\System32\svchost.exe

820 C:\Windows\System32\nvvsvc.exe

860 C:\Windows\System32\svchost.exe

916 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

1008 C:\Windows\System32\svchost.exe

328 C:\Windows\System32\svchost.exe

348 C:\Windows\System32\svchost.exe

1068 C:\Windows\System32\svchost.exe

1152 C:\Windows\System32\svchost.exe

1280 C:\Windows\System32\nvvsvc.exe

1416 C:\Windows\System32\spoolsv.exe

1424 C:\Program Files\Common Files\SPBA\upeksvr.exe

1592 C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe

1856 C:\Program Files\SUPERAntiSpyware\SASCore64.exe

1884 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1920 C:\Program Files\LSI SoftModem\agr64svc.exe

1944 C:\Windows\System32\svchost.exe

1980 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe

2028 C:\Windows\System32\svchost.exe

1044 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

1472 C:\Program Files (x86)\Acer Bio Protection\BASVC.exe

1576 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

1668 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

1736 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

1360 C:\Windows\System32\svchost.exe

1548 C:\Program Files\Acer\Acer Updater\UpdaterService.exe

2068 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2108 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

2140 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2288 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2584 C:\Windows\System32\taskhost.exe

2728 C:\Windows\System32\dwm.exe

2744 C:\Windows\explorer.exe

2844 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

2916 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2924 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2932 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

3028 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

1724 C:\Program Files\Microsoft Security Client\msseces.exe

2460 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

1760 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

2788 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

2436 C:\Program Files (x86)\Launch Manager\LManager.EXE

3076 C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe

3088 C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

3104 C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

3144 C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe

3776 C:\Windows\System32\SearchIndexer.exe

1536 C:\Program Files\Windows Media Player\wmpnetwk.exe

3804 C:\Program Files (x86)\Internet Explorer\iexplore.exe

3476 C:\Program Files (x86)\Internet Explorer\iexplore.exe

2816 C:\Program Files (x86)\Internet Explorer\iexplore.exe

956 C:\Windows\System32\SearchProtocolHost.exe

3212 C:\Windows\System32\SearchFilterHost.exe

868 C:\Windows\System32\audiodg.exe

236 C:\Users\Jeremy\Desktop\MBRCheck.exe

3208 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`e6600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


Before we take care of that specific file, let's do a general computer scan to see if there's anything else we should be removing as well:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

===========

Please also run a new MBAM scan (make sure to Check for Updates first), and post that log as well. ;)


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=951e91f6f14fbc4fb6a726d3f24a3c96

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-27 04:23:46

# local_time=2011-12-27 10:23:46 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 66 94 13732216 76543233 0 0

# compatibility_mode=8192 67108863 100 0 234233 234233 0 0

# scanned=189621

# found=1

# cleaned=5

# scan_time=3243

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\afr[1].php HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122702

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

12/27/2011 10:22:29 AM

mbam-log-2011-12-27 (10-22-29).txt

Scan type: Full scan (C:\|)

Objects scanned: 377999

Time elapsed: 47 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

C:\Windows\assembly\temp\kwrd.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Seems to be running fine after all of this :)

ComboFix 11-12-27.01 - Jeremy 12/27/2011 11:25:33.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2486 [GMT -6:00]

Running from: c:\users\Jeremy\Desktop\ComboFix.exe

Command switches used :: c:\users\Jeremy\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\assembly\temp\kwrd.dll"

.

.

((((((((((((((((((((((((( Files Created from 2011-11-27 to 2011-12-27 )))))))))))))))))))))))))))))))

.

.

2011-12-27 17:31 . 2011-12-27 17:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90031A2E-3164-4C2E-966C-313EEEE5F6FB}\offreg.dll

2011-12-27 17:30 . 2011-12-27 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-27 17:30 . 2011-12-27 17:30 -------- d-----w- c:\users\Becca\AppData\Local\temp

2011-12-26 17:32 . 2011-11-21 09:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90031A2E-3164-4C2E-966C-313EEEE5F6FB}\mpengine.dll

2011-12-26 16:33 . 2011-12-23 05:59 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-12-26 16:33 . 2011-12-23 05:59 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3521208-A05B-4F6B-A3B6-D30A56F181CD}\gapaengine.dll

2011-12-23 23:25 . 2011-12-23 23:25 -------- d-----w- c:\program files\ESET

2011-12-23 20:51 . 2011-12-23 20:51 -------- d-----w- c:\program files (x86)\ESET

2011-12-23 07:29 . 2011-12-26 17:53 -------- d-----w- c:\programdata\Hitman Pro

2011-12-23 06:13 . 2011-12-26 17:53 -------- d-----w- c:\program files (x86)\UVK

2011-12-23 05:56 . 2011-12-26 18:23 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-12-23 05:56 . 2011-12-26 18:23 -------- d-----w- c:\program files\Microsoft Security Client

2011-12-23 03:59 . 2011-12-23 03:59 -------- d-----w- c:\users\Jeremy\AppData\Local\SWTOR

2011-12-23 03:53 . 2011-12-23 03:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-23 03:45 . 2011-12-23 03:53 -------- d-----w- C:\TDSSKiller_Quarantine

2011-12-21 07:28 . 2008-05-30 20:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll

2011-12-21 07:28 . 2008-05-30 20:11 3850760 ----a-w- c:\windows\SysWow64\D3DX9_38.dll

2011-12-21 05:57 . 2011-12-21 07:27 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2011-12-21 05:57 . 2011-12-21 05:57 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\users\Jeremy\AppData\Roaming\Malwarebytes

2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\programdata\Malwarebytes

2011-12-21 01:58 . 2011-12-21 01:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-21 01:58 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-21 01:54 . 2011-12-21 01:54 -------- d-----w- c:\users\Jeremy\AppData\Roaming\SUPERAntiSpyware.com

2011-12-17 04:16 . 2011-12-19 04:47 -------- d-----w- c:\users\Becca\riotsGamesLogs

2011-12-15 03:18 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 03:18 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 02:28 . 2011-06-23 17:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-15 01:36 . 2010-04-08 21:23 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-06 18:43 . 2010-08-04 03:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-10-30 03:16 . 2011-10-30 03:07 210966246 ----a-w- C:\Bejeweled 3.exe

2011-09-29 16:29 . 2011-11-10 03:16 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-26_17.01.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-22 07:17 . 2011-12-27 14:32 58556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-12-27 14:32 47564 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-02-22 21:42 . 2011-12-27 14:32 13384 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3427159276-2218206227-2849008751-1000_UserData.bin

+ 2009-10-16 20:55 . 2011-12-27 14:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-16 20:55 . 2011-12-26 16:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-10-16 20:55 . 2011-12-27 14:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-10-16 20:55 . 2011-12-26 16:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-12-26 16:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-12-27 14:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-23 10:45 . 2011-12-27 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-02-23 10:45 . 2011-12-26 16:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-02-23 10:45 . 2011-12-27 17:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-02-23 10:45 . 2011-12-26 16:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-28 17:06 . 2011-12-26 20:52 7898 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-12-26 17:00 . 2011-12-26 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-27 17:31 . 2011-12-27 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-12-26 17:00 . 2011-12-26 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-27 17:31 . 2011-12-27 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-12-26 16:59 440560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-12-27 17:30 440560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]

"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3574784]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-26 419112]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480]

"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]

"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-22 708608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-05 3453440]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]

S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000Core.job

- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02]

.

2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1000UA.job

- c:\users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-24 03:02]

.

2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001Core.job

- c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56]

.

2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3427159276-2218206227-2849008751-1001UA.job

- c:\users\Becca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-23 23:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [bU]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-04 8098848]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5739g&r=27360210x116l0323z1j6t4824u248

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2011-12-27 11:41:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-27 17:41

ComboFix2.txt 2011-12-26 17:13

.

Pre-Run: 135,462,871,040 bytes free

Post-Run: 135,388,839,936 bytes free

.

- - End Of File - - CF05CC9E00688AE8FF53BA7E75E43313


Looking good! ;)

Now, let's see what programs of yours need updating; out-of-date applications leave you extremely vulnerable to getting infected again:

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.0.45.2 Flash Player out of Date!

Adobe Reader X (10.1.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````


This all started when I let my friend play on this computer and he started browsing myyearbook.

It happens! As we wrap all this up I will provide you with some information to help you better secure your computer, so that this sort of thing doesn't happen in the future. ;)

First, let's update your programs:

---------

I see you have User Accounts Control (UAC) disabled.

This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.

I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

---------

You are using Internet Explorer version 8. Since you are using Windows 7, you qualify for the latest version, which is 9. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

---------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

---------

Before we move on to the next step, please let me know how the updates went, as failed updates may indicate additional malware.

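One way to turn the UAC values from the ComboFix "Reg Loading Points" section into a posture check, as an added example that is neither the forum's nor ComboFix's own code: it parses the REGEDIT4-style blocks and flags the values behind the "UAC is disabled!" line in the Security Check output. The sample block is constructed to mirror this thread's log, and the Windows 7 defaults assumed for values absent from the log are an assumption stated in the code.

```python
"""Flag weakened UAC settings in a ComboFix 'Reg Loading Points' section.

Added example, not ComboFix's or the forum's own code.
"""
import re

# Constructed sample in the shape ComboFix prints the section; the
# policies\system values mirror the ones in this thread (UAC fully off).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
"""

POLICY_KEY = (
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
)

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
# ComboFix prints DWORD values as:  "Name"= 0 (0x0)
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*(-?\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$')

# Assumption: Windows 7 defaults.  ComboFix notes that "legit default entries
# are not shown", so a value missing from the log is taken to be at default.
UAC_DEFAULTS = {
    "EnableLUA": 1,                    # UAC on
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "PromptOnSecureDesktop": 1,        # prompt on the secure desktop
}


def parse_reg_points(text):
    """Return {key_path_lower: {value_name: int}} for every [KEY] block.

    Only DWORD lines are kept; string values (Run entries, file paths) are
    skipped because the UAC policy values are all DWORDs.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2))
    return keys


def assess_uac(keys):
    """Return [(value_name, observed, why_it_matters)] for weakened settings."""
    sysvals = keys.get(POLICY_KEY, {})
    observed = {n: sysvals.get(n, d) for n, d in UAC_DEFAULTS.items()}
    findings = []
    if observed["EnableLUA"] == 0:
        findings.append(("EnableLUA", 0,
                         "UAC is off: an administrator's programs, malware included, "
                         "run fully elevated with no prompt at all"))
    if observed["ConsentPromptBehaviorAdmin"] == 0:
        findings.append(("ConsentPromptBehaviorAdmin", 0,
                         "administrators elevate silently, so nothing asks before a "
                         "program takes admin rights"))
    if observed["PromptOnSecureDesktop"] == 0:
        findings.append(("PromptOnSecureDesktop", 0,
                         "consent prompts show on the normal desktop, where other "
                         "running software can interact with them"))
    return findings


def uac_effective(keys):
    """True when nothing in the log weakens UAC below the assumed defaults."""
    return not assess_uac(keys)


if __name__ == "__main__":
    parsed = parse_reg_points(SAMPLE_LOG)
    for name, value, why in assess_uac(parsed):
        print(f"{name}={value}: {why}")
    print("UAC effective:", uac_effective(parsed))
```

A log with no policies\system block at all yields no findings, which is the correct reading of ComboFix's "default entries are not shown" convention.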

Updates worked. I've noticed that instead of Flash player in add/remove programs it now says ax. I'm sure this doesn't matter but I figured I would let you know.

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Reader X (10.1.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````


I've noticed that instead of Flash player in add/remove programs it now says ax.

That's odd; I'm running Windows 7 and haven't encountered that issue. :huh:

When you go to Start -> Control Panel -> Programs -> Programs & Features, do you see the following listed there?:

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X


That's good enough :).

Since the updates were successful and you are now clean, I will now provide you with some suggestions for security software, but first, please make sure ComboFix is uninstalled:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here.

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
