
Bitminer and redirect-- help!



I know that I'm not the only one getting overrun with the pup.bitminer problems. I posted a week ago, but haven't heard, so reposting to give this another shot. I reran MBAM and another DDS-- both logs are posted below.

Last week, whenever I ran MBAM, it found the pup.bitminer, but it came back even though I'd remove it after the scan. Now, I reran MBAM today and it says that there aren't any infected files-- but the redirects are still happening, so I know something is going on.

I can't access Malwarebytes forums on the infected computer and I got redirected whenever I tried to search for solutions. It may be related, but the McAfee firewall won't stay on and I can't turn on the Windows firewall (which had previously been disabled since the McAfee wall was supposedly on).

I know it is busy-- so any and all help would be appreciated!

MBAM- Run on 1/2

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.02.05

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

KP :: MOLLY-PC [administrator]

1/2/2012 4:52:36 PM

mbam-log-2012-01-02 (16-52-36).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 406165

Time elapsed: 1 hour(s), 16 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS- Run on 1/2

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29

Run by KP at 18:56:50 on 2012-01-02

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.981 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Windows\system32\conhost.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111223201040.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [FAStartup]

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{079F84C0-6DBE-4869-B3BF-D540929D979A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{99094965-582F-449B-94A9-F46DBE17CFE3} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{99094965-582F-449B-94A9-F46DBE17CFE3}\D414254595D20534F5E4564777F627B6 : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111223201040.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO-X64: FAIESSO Helper Object - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [FAStartup]

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-12-23 199272]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-12-23 208536]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-31 658656]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-20 136176]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-23 249936]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-20 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2011-12-23 606736]

.

=============== Created Last 30 ================

.

2011-12-27 22:10:19 5110 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2011-12-27 02:52:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-26 22:43:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-12-24 02:15:24 16200 ----a-w- C:\Windows\stinger.sys

2011-12-24 01:11:19 -------- d-----w- C:\Program Files\McAfee.com

2011-12-24 01:10:40 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-24 01:10:25 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-12-24 01:09:49 161168 ----a-w- C:\Windows\System32\mfevtps.exe

2011-12-24 01:09:47 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-12-24 01:09:47 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-12-24 01:09:47 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-12-24 01:09:47 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-12-24 01:09:47 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-12-24 01:09:47 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-12-24 01:09:47 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-12-24 01:09:47 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2011-12-24 00:58:56 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2011-12-24 00:35:06 -------- d-----w- C:\Users\KP\AppData\Roaming\McAfee

2011-12-24 00:28:51 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2011-12-24 00:28:50 -------- d-----w- C:\Program Files\McAfee

2011-12-24 00:28:49 -------- d-----w- C:\Program Files\Common Files\McAfee

2011-12-24 00:28:47 -------- d-----w- C:\Program Files (x86)\McAfee.com

2011-12-24 00:28:26 -------- d-----w- C:\Program Files (x86)\McAfee

2011-12-23 00:07:46 -------- d-----w- C:\Program Files\iPod

2011-12-23 00:07:45 -------- d-----w- C:\Program Files\iTunes

2011-12-23 00:03:23 -------- d-----w- C:\Program Files\Bonjour

2011-12-23 00:03:23 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-12-22 01:24:07 -------- d-----w- C:\Windows\System32\SPReview

2011-12-21 23:38:46 -------- d-----w- C:\Windows\System32\EventProviders

2011-12-16 00:33:01 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2011-12-14 01:50:16 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2011-12-06 02:35:06 -------- d-----w- C:\Users\KP\AppData\Roaming\SUPERAntiSpyware.com

2011-12-06 02:35:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-12-05 02:24:39 -------- d-----we C:\Windows\system64

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll

2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

.

============= FINISH: 18:57:52.78 ===============


Hello Katrine1212 and welcome to Malwarebytes!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
In your next reply, please include:
  • FSS.txt
  • TDSSKiller report
  • C:\ComboFix.txt
  • MBRCheck report

How is your computer running now?

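Added example (not part of this thread, and not Farbar's or Malwarebytes' code): the helper's first step asks for Farbar Service Scanner output with "Windows Firewall" checked, because that section tells you whether the firewall stack (MpsSvc, bfe and mpsdrv) is merely stopped or has actually lost its service registry keys under HKLM\SYSTEM\CurrentControlSet\Services. The distinction matters for the fix: a stopped service can simply be started, but a service whose key is gone is unknown to the Service Control Manager, so starting it fails and the key has to be recreated first. The script below parses FSS-style text into a per-service verdict. The sample input is constructed here, modelled on the FSS format used in this thread; the "<name> Service is running." wording for a healthy service is an assumption about FSS output, as are the function names.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample, modelled on the Farbar Service Scanner format seen in this
# thread: two firewall services have no registry key at all, one is only stopped.
SAMPLE_FSS = """\
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
"""


@dataclass
class ServiceState:
    name: str
    section: str           # FSS section the service was reported under
    running: bool
    key_missing: bool = False
    problems: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # A missing key means the SCM does not know the service: it must be
        # recreated before any "start" can succeed.
        if self.key_missing:
            return "recreate-service-key"
        if self.problems:
            return "repair-config"
        if not self.running:
            return "start-service"
        return "ok"


NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
RUNNING = re.compile(r"^(\S+) Service is running\.")   # assumed healthy-case wording
ATTENTION = re.compile(r"^Checking ([^:]+): Attention! (.*)$")


def parse_fss(text: str) -> Dict[str, ServiceState]:
    """Turn FSS text into one ServiceState per reported service."""
    states: Dict[str, ServiceState] = {}
    section = ""
    current: Optional[ServiceState] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue                          # blank or underline rows
        m = NOT_RUNNING.match(line)
        if m:
            current = ServiceState(m.group(1), section, running=False)
            states[current.name] = current
            continue
        m = RUNNING.match(line)
        if m:
            current = ServiceState(m.group(1), section, running=True)
            states[current.name] = current
            continue
        m = ATTENTION.match(line)
        if m and current is not None:
            current.problems.append(f"{m.group(1)}: {m.group(2)}")
            if "service key does not exist" in m.group(2):
                current.key_missing = True
            continue
        if line.endswith(":"):                # section header such as "Windows Firewall:"
            section = line[:-1]
            current = None
    return states


def firewall_report(states: Dict[str, ServiceState]) -> Dict[str, str]:
    """Verdict for every service FSS listed under its Windows Firewall section."""
    return {s.name: s.verdict for s in states.values() if s.section == "Windows Firewall"}


def firewall_healthy(states: Dict[str, ServiceState]) -> bool:
    report = firewall_report(states)
    return bool(report) and all(v == "ok" for v in report.values())


if __name__ == "__main__":
    parsed = parse_fss(SAMPLE_FSS)
    for name, verdict in firewall_report(parsed).items():
        print(f"{name:8} {verdict}")
    print("firewall stack healthy:", firewall_healthy(parsed))
```

For the FSS output posted later in this thread the script reports MpsSvc and bfe as "recreate-service-key" and mpsdrv as "start-service", which is why the Windows Firewall could not be turned on from the control panel: two of its three components did not exist as services any more. Recreating those keys is part of the cleanup the helper walks through, not something this script does.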

Thanks D-Fred-Brown!

I ran all of the suggested programs and will post the logs below. As a note, when I tried to disable the McAfee AntiVirus, I wasn't able to. I ended up removing the program in its entirety-- though when I ran the ComboFix, it still said that McAfee was running (even after it was removed). I haven't reinstalled McAfee yet, I figure it wasn't working earlier anyway.

After running everything, I was able to get online (with Chrome) and access the MBAM site and forum, which I couldn't do earlier.

FSS and TDSS are pasted below. I'll put the other two logs in a second reply.

Thanks again for your help.

Farbar Service Scanner

Ran by KP (administrator) on 03-01-2012 at 19:48:56

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll

[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

19:49:42.0973 5112 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

19:49:43.0238 5112 ============================================================

19:49:43.0238 5112 Current date / time: 2012/01/03 19:49:43.0238

19:49:43.0238 5112 SystemInfo:

19:49:43.0238 5112

19:49:43.0238 5112 OS Version: 6.1.7600 ServicePack: 0.0

19:49:43.0238 5112 Product type: Workstation

19:49:43.0238 5112 ComputerName: MOLLY-PC

19:49:43.0238 5112 UserName: KP

19:49:43.0238 5112 Windows directory: C:\Windows

19:49:43.0238 5112 System windows directory: C:\Windows

19:49:43.0238 5112 Running under WOW64

19:49:43.0238 5112 Processor architecture: Intel x64

19:49:43.0238 5112 Number of processors: 2

19:49:43.0238 5112 Page size: 0x1000

19:49:43.0238 5112 Boot type: Normal boot

19:49:43.0238 5112 ============================================================

19:49:43.0644 5112 Initialize success

19:49:54.0739 3768 ============================================================

19:49:54.0739 3768 Scan started

19:49:54.0739 3768 Mode: Manual;

19:49:54.0739 3768 ============================================================

19:49:57.0922 3768 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

19:49:57.0922 3768 1394ohci - ok

19:49:58.0031 3768 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

19:49:58.0047 3768 ACPI - ok

19:49:58.0156 3768 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

19:49:58.0156 3768 AcpiPmi - ok

19:49:58.0390 3768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:49:58.0406 3768 adp94xx - ok

19:49:58.0499 3768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:49:58.0499 3768 adpahci - ok

19:49:58.0546 3768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:49:58.0546 3768 adpu320 - ok

19:49:58.0671 3768 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

19:49:58.0671 3768 AFD - ok

19:49:58.0718 3768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

19:49:58.0718 3768 agp440 - ok

19:49:58.0827 3768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

19:49:58.0827 3768 aliide - ok

19:49:58.0936 3768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

19:49:58.0936 3768 amdide - ok

19:49:59.0061 3768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:49:59.0061 3768 AmdK8 - ok

19:49:59.0139 3768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:49:59.0139 3768 AmdPPM - ok

19:49:59.0201 3768 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

19:49:59.0201 3768 amdsata - ok

19:49:59.0685 3768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:49:59.0700 3768 amdsbs - ok

19:49:59.0794 3768 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

19:49:59.0794 3768 amdxata - ok

19:49:59.0856 3768 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys

19:49:59.0856 3768 ApfiltrService - ok

19:49:59.0966 3768 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

19:49:59.0966 3768 AppID - ok

19:50:00.0044 3768 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:50:00.0044 3768 arc - ok

19:50:00.0106 3768 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:50:00.0122 3768 arcsas - ok

19:50:00.0215 3768 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:50:00.0215 3768 AsyncMac - ok

19:50:00.0356 3768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

19:50:00.0356 3768 atapi - ok

19:50:01.0120 3768 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:50:01.0120 3768 b06bdrv - ok

19:50:01.0401 3768 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:50:01.0401 3768 b57nd60a - ok

19:50:01.0541 3768 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys

19:50:01.0541 3768 BCM42RLY - ok

19:50:02.0602 3768 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys

19:50:03.0117 3768 BCM43XX - ok

19:50:03.0522 3768 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:50:03.0522 3768 Beep - ok

19:50:03.0585 3768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:50:03.0600 3768 blbdrive - ok

19:50:04.0146 3768 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

19:50:04.0146 3768 bowser - ok

19:50:04.0240 3768 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:50:04.0240 3768 BrFiltLo - ok

19:50:04.0271 3768 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:50:04.0271 3768 BrFiltUp - ok

19:50:04.0318 3768 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:50:04.0318 3768 Brserid - ok

19:50:04.0349 3768 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:50:04.0349 3768 BrSerWdm - ok

19:50:04.0380 3768 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:50:04.0380 3768 BrUsbMdm - ok

19:50:04.0412 3768 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:50:04.0412 3768 BrUsbSer - ok

19:50:04.0490 3768 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:50:04.0490 3768 BTHMODEM - ok

19:50:04.0802 3768 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS

19:50:04.0802 3768 BVRPMPR5a64 - ok

19:50:04.0864 3768 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:50:04.0864 3768 cdfs - ok

19:50:04.0973 3768 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

19:50:04.0973 3768 cdrom - ok

19:50:05.0582 3768 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys

19:50:05.0582 3768 cfwids - ok

19:50:05.0706 3768 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:50:05.0706 3768 circlass - ok

19:50:05.0831 3768 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:50:05.0831 3768 CLFS - ok

19:50:06.0284 3768 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:50:06.0284 3768 CmBatt - ok

19:50:06.0315 3768 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

19:50:06.0315 3768 cmdide - ok

19:50:06.0377 3768 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

19:50:06.0393 3768 CNG - ok

19:50:06.0549 3768 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:50:06.0549 3768 Compbatt - ok

19:50:06.0627 3768 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:50:06.0627 3768 CompositeBus - ok

19:50:06.0720 3768 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:50:06.0720 3768 crcdisk - ok

19:50:06.0845 3768 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

19:50:06.0845 3768 CtClsFlt - ok

19:50:06.0970 3768 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

19:50:06.0970 3768 DfsC - ok

19:50:07.0079 3768 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:50:07.0079 3768 discache - ok

19:50:07.0188 3768 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:50:07.0188 3768 Disk - ok

19:50:07.0344 3768 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:50:07.0344 3768 drmkaud - ok

19:50:07.0469 3768 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

19:50:07.0485 3768 DXGKrnl - ok

19:50:07.0672 3768 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:50:07.0734 3768 ebdrv - ok

19:50:07.0859 3768 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:50:07.0859 3768 elxstor - ok

19:50:07.0953 3768 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

19:50:07.0953 3768 ErrDev - ok

19:50:08.0062 3768 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:50:08.0062 3768 exfat - ok

19:50:08.0187 3768 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys

19:50:08.0187 3768 FACAP - ok

19:50:08.0452 3768 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:50:08.0468 3768 fastfat - ok

19:50:08.0577 3768 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:50:08.0577 3768 fdc - ok

19:50:08.0608 3768 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:50:08.0608 3768 FileInfo - ok

19:50:08.0639 3768 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:50:08.0639 3768 Filetrace - ok

19:50:08.0749 3768 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:50:08.0749 3768 flpydisk - ok

19:50:08.0780 3768 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

19:50:08.0780 3768 FltMgr - ok

19:50:08.0889 3768 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:50:08.0889 3768 FsDepends - ok

19:50:08.0905 3768 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

19:50:08.0905 3768 Fs_Rec - ok

19:50:09.0029 3768 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:50:09.0029 3768 fvevol - ok

19:50:09.0139 3768 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:50:09.0139 3768 gagp30kx - ok

19:50:09.0201 3768 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:50:09.0201 3768 GEARAspiWDM - ok

19:50:09.0638 3768 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:50:09.0638 3768 hcw85cir - ok

19:50:09.0716 3768 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:50:09.0716 3768 HDAudBus - ok

19:50:09.0747 3768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:50:09.0747 3768 HidBatt - ok

19:50:09.0763 3768 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:50:09.0763 3768 HidBth - ok

19:50:09.0778 3768 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:50:09.0778 3768 HidIr - ok

19:50:09.0887 3768 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

19:50:09.0887 3768 HidUsb - ok

19:50:09.0934 3768 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:50:09.0934 3768 HpSAMD - ok

19:50:09.0981 3768 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

19:50:09.0997 3768 HTTP - ok

19:50:10.0043 3768 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

19:50:10.0043 3768 hwpolicy - ok

19:50:10.0090 3768 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:50:10.0106 3768 i8042prt - ok

19:50:10.0153 3768 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

19:50:10.0153 3768 iaStor - ok

19:50:10.0215 3768 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

19:50:10.0215 3768 iaStorV - ok

19:50:10.0418 3768 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:50:10.0589 3768 igfx - ok

19:50:10.0699 3768 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:50:10.0699 3768 iirsp - ok

19:50:10.0761 3768 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

19:50:10.0761 3768 intelide - ok

19:50:10.0792 3768 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:50:10.0792 3768 intelppm - ok

19:50:10.0839 3768 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:50:10.0855 3768 IpFilterDriver - ok

19:50:10.0870 3768 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:50:10.0870 3768 IPMIDRV - ok

19:50:10.0933 3768 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:50:10.0933 3768 IPNAT - ok

19:50:10.0995 3768 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:50:10.0995 3768 IRENUM - ok

19:50:11.0026 3768 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

19:50:11.0026 3768 isapnp - ok

19:50:11.0057 3768 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

19:50:11.0057 3768 iScsiPrt - ok

19:50:11.0151 3768 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

19:50:11.0151 3768 kbdclass - ok

19:50:11.0182 3768 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

19:50:11.0182 3768 kbdhid - ok

19:50:11.0229 3768 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

19:50:11.0245 3768 KSecDD - ok

19:50:11.0276 3768 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

19:50:11.0276 3768 KSecPkg - ok

19:50:11.0369 3768 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:50:11.0369 3768 ksthunk - ok

19:50:11.0479 3768 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:50:11.0479 3768 lltdio - ok

19:50:11.0603 3768 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:50:11.0603 3768 LSI_FC - ok

19:50:11.0635 3768 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:50:11.0635 3768 LSI_SAS - ok

19:50:11.0650 3768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:50:11.0650 3768 LSI_SAS2 - ok

19:50:11.0666 3768 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:50:11.0666 3768 LSI_SCSI - ok

19:50:11.0713 3768 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:50:11.0713 3768 luafv - ok

19:50:11.0900 3768 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:50:11.0900 3768 megasas - ok

19:50:11.0915 3768 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:50:11.0931 3768 MegaSR - ok

19:50:12.0056 3768 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys

19:50:12.0056 3768 mfeapfk - ok

19:50:12.0103 3768 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys

19:50:12.0103 3768 mfeavfk - ok

19:50:12.0243 3768 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys

19:50:12.0243 3768 mfefirek - ok

19:50:12.0321 3768 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys

19:50:12.0337 3768 mfehidk - ok

19:50:12.0477 3768 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys

19:50:12.0477 3768 mfenlfk - ok

19:50:12.0602 3768 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys

19:50:12.0602 3768 mferkdet - ok

19:50:12.0664 3768 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys

19:50:12.0664 3768 mfewfpk - ok

19:50:12.0789 3768 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:50:12.0789 3768 Modem - ok

19:50:12.0820 3768 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:50:12.0820 3768 monitor - ok

19:50:12.0883 3768 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:50:12.0883 3768 mouclass - ok

19:50:12.0945 3768 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:50:12.0945 3768 mouhid - ok

19:50:12.0976 3768 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

19:50:12.0976 3768 mountmgr - ok

19:50:13.0023 3768 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

19:50:13.0023 3768 mpio - ok

19:50:13.0054 3768 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:50:13.0054 3768 mpsdrv - ok

19:50:13.0085 3768 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

19:50:13.0085 3768 MRxDAV - ok

19:50:13.0117 3768 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:50:13.0117 3768 mrxsmb - ok

19:50:13.0179 3768 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:50:13.0179 3768 mrxsmb10 - ok

19:50:13.0288 3768 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:50:13.0288 3768 mrxsmb20 - ok

19:50:13.0397 3768 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys

19:50:13.0397 3768 msahci - ok

19:50:13.0475 3768 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

19:50:13.0475 3768 msdsm - ok

19:50:13.0585 3768 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:50:13.0585 3768 Msfs - ok

19:50:14.0068 3768 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:50:14.0068 3768 mshidkmdf - ok

19:50:14.0115 3768 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

19:50:14.0115 3768 msisadrv - ok

19:50:14.0224 3768 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:50:14.0224 3768 MSKSSRV - ok

19:50:14.0302 3768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:50:14.0302 3768 MSPCLOCK - ok

19:50:14.0318 3768 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:50:14.0333 3768 MSPQM - ok

19:50:14.0349 3768 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

19:50:14.0349 3768 MsRPC - ok

19:50:14.0380 3768 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

19:50:14.0380 3768 mssmbios - ok

19:50:14.0458 3768 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:50:14.0458 3768 MSTEE - ok

19:50:14.0474 3768 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:50:14.0474 3768 MTConfig - ok

19:50:14.0567 3768 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:50:14.0567 3768 Mup - ok

19:50:14.0677 3768 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:50:14.0677 3768 NativeWifiP - ok

19:50:14.0755 3768 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

19:50:14.0770 3768 NDIS - ok

19:50:14.0817 3768 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:50:14.0817 3768 NdisCap - ok

19:50:14.0848 3768 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:50:14.0848 3768 NdisTapi - ok

19:50:14.0895 3768 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

19:50:14.0895 3768 Ndisuio - ok

19:50:14.0926 3768 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:50:14.0926 3768 NdisWan - ok

19:50:14.0942 3768 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

19:50:14.0957 3768 NDProxy - ok

19:50:14.0989 3768 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:50:14.0989 3768 NetBIOS - ok

19:50:15.0020 3768 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

19:50:15.0020 3768 NetBT - ok

19:50:15.0145 3768 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:50:15.0160 3768 nfrd960 - ok

19:50:15.0176 3768 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:50:15.0176 3768 Npfs - ok

19:50:15.0207 3768 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:50:15.0207 3768 nsiproxy - ok

19:50:15.0301 3768 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

19:50:15.0332 3768 Ntfs - ok

19:50:15.0425 3768 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:50:15.0425 3768 Null - ok

19:50:15.0472 3768 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

19:50:15.0472 3768 nvraid - ok

19:50:15.0519 3768 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

19:50:15.0535 3768 nvstor - ok

19:50:15.0644 3768 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

19:50:15.0644 3768 nv_agp - ok

19:50:15.0659 3768 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

19:50:15.0659 3768 ohci1394 - ok

19:50:15.0831 3768 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:50:15.0831 3768 Parport - ok

19:50:15.0847 3768 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

19:50:15.0847 3768 partmgr - ok

19:50:15.0878 3768 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

19:50:15.0878 3768 pci - ok

19:50:15.0925 3768 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

19:50:15.0925 3768 pciide - ok

19:50:16.0018 3768 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:50:16.0018 3768 pcmcia - ok

19:50:16.0049 3768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:50:16.0049 3768 pcw - ok

19:50:16.0081 3768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:50:16.0096 3768 PEAUTH - ok

19:50:16.0190 3768 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

19:50:16.0190 3768 PptpMiniport - ok

19:50:16.0205 3768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:50:16.0221 3768 Processor - ok

19:50:16.0268 3768 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

19:50:16.0268 3768 Psched - ok

19:50:16.0330 3768 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

19:50:16.0330 3768 PxHlpa64 - ok

19:50:16.0377 3768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:50:16.0424 3768 ql2300 - ok

19:50:16.0517 3768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:50:16.0533 3768 ql40xx - ok

19:50:16.0549 3768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:50:16.0549 3768 QWAVEdrv - ok

19:50:16.0580 3768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:50:16.0580 3768 RasAcd - ok

19:50:16.0642 3768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:50:16.0642 3768 RasAgileVpn - ok

19:50:16.0689 3768 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:50:16.0689 3768 Rasl2tp - ok

19:50:16.0736 3768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:50:16.0736 3768 RasPppoe - ok

19:50:16.0751 3768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:50:16.0751 3768 RasSstp - ok

19:50:16.0783 3768 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

19:50:16.0798 3768 rdbss - ok

19:50:16.0829 3768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:50:16.0829 3768 rdpbus - ok

19:50:16.0861 3768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:50:16.0861 3768 RDPCDD - ok

19:50:16.0892 3768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:50:16.0892 3768 RDPENCDD - ok

19:50:16.0923 3768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:50:16.0923 3768 RDPREFMP - ok

19:50:16.0954 3768 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

19:50:16.0954 3768 RDPWD - ok

19:50:17.0001 3768 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

19:50:17.0001 3768 rdyboost - ok

19:50:17.0157 3768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:50:17.0157 3768 rspndr - ok

19:50:17.0188 3768 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys

19:50:17.0204 3768 RSUSBSTOR - ok

19:50:17.0313 3768 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

19:50:17.0313 3768 SASDIFSV - ok

19:50:17.0344 3768 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

19:50:17.0344 3768 SASKUTIL - ok

19:50:17.0438 3768 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

19:50:17.0438 3768 sbp2port - ok

19:50:17.0469 3768 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

19:50:17.0469 3768 scfilter - ok

19:50:17.0594 3768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:50:17.0594 3768 secdrv - ok

19:50:17.0625 3768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:50:17.0641 3768 Serenum - ok

19:50:17.0656 3768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:50:17.0672 3768 Serial - ok

19:50:17.0687 3768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:50:17.0687 3768 sermouse - ok

19:50:17.0719 3768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

19:50:17.0719 3768 sffdisk - ok

19:50:17.0734 3768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:50:17.0734 3768 sffp_mmc - ok

19:50:17.0750 3768 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:50:17.0750 3768 sffp_sd - ok

19:50:17.0781 3768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:50:17.0781 3768 sfloppy - ok

19:50:17.0843 3768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:50:17.0843 3768 SiSRaid2 - ok

19:50:17.0859 3768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:50:17.0859 3768 SiSRaid4 - ok

19:50:17.0906 3768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:50:17.0906 3768 Smb - ok

19:50:17.0968 3768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:50:17.0968 3768 spldr - ok

19:50:18.0046 3768 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

19:50:18.0046 3768 srv - ok

19:50:18.0077 3768 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

19:50:18.0093 3768 srv2 - ok

19:50:18.0124 3768 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

19:50:18.0140 3768 srvnet - ok

19:50:18.0233 3768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:50:18.0249 3768 stexstor - ok

19:50:18.0296 3768 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys

19:50:18.0296 3768 STHDA - ok

19:50:18.0421 3768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

19:50:18.0421 3768 swenum - ok

19:50:18.0530 3768 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

19:50:18.0545 3768 Tcpip - ok

19:50:18.0623 3768 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

19:50:18.0639 3768 TCPIP6 - ok

19:50:18.0686 3768 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

19:50:18.0701 3768 tcpipreg - ok

19:50:18.0733 3768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:50:18.0733 3768 TDPIPE - ok

19:50:18.0748 3768 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

19:50:18.0748 3768 TDTCP - ok

19:50:18.0779 3768 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

19:50:18.0779 3768 tdx - ok

19:50:18.0811 3768 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

19:50:18.0811 3768 TermDD - ok

19:50:18.0857 3768 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:50:18.0857 3768 tssecsrv - ok

19:50:18.0904 3768 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

19:50:18.0904 3768 tunnel - ok

19:50:18.0935 3768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:50:18.0935 3768 uagp35 - ok

19:50:18.0982 3768 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

19:50:18.0982 3768 udfs - ok

19:50:19.0060 3768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

19:50:19.0060 3768 uliagpkx - ok

19:50:19.0107 3768 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

19:50:19.0107 3768 umbus - ok

19:50:19.0138 3768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:50:19.0138 3768 UmPass - ok

19:50:19.0201 3768 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

19:50:19.0216 3768 USBAAPL64 - ok

19:50:19.0247 3768 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

19:50:19.0247 3768 usbccgp - ok

19:50:19.0357 3768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

19:50:19.0357 3768 usbcir - ok

19:50:19.0450 3768 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

19:50:19.0450 3768 usbehci - ok

19:50:19.0575 3768 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

19:50:19.0591 3768 usbhub - ok

19:50:19.0669 3768 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

19:50:19.0669 3768 usbohci - ok

19:50:19.0700 3768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:50:19.0700 3768 usbprint - ok

19:50:19.0809 3768 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:50:19.0809 3768 USBSTOR - ok

19:50:19.0903 3768 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys

19:50:19.0903 3768 usbuhci - ok

19:50:20.0027 3768 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

19:50:20.0043 3768 usbvideo - ok

19:50:20.0168 3768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

19:50:20.0168 3768 vdrvroot - ok

19:50:20.0261 3768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:50:20.0261 3768 vga - ok

19:50:20.0355 3768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:50:20.0355 3768 VgaSave - ok

19:50:20.0449 3768 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

19:50:20.0449 3768 vhdmp - ok

19:50:20.0542 3768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

19:50:20.0542 3768 viaide - ok

19:50:20.0573 3768 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

19:50:20.0589 3768 volmgr - ok

19:50:20.0698 3768 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

19:50:20.0698 3768 volmgrx - ok

19:50:20.0807 3768 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

19:50:20.0807 3768 volsnap - ok

19:50:21.0229 3768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:50:21.0229 3768 vsmraid - ok

19:50:21.0400 3768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:50:21.0400 3768 vwifibus - ok

19:50:21.0431 3768 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:50:21.0431 3768 vwififlt - ok

19:50:21.0463 3768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:50:21.0463 3768 WacomPen - ok

19:50:21.0587 3768 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:50:21.0587 3768 WANARP - ok

19:50:21.0603 3768 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

19:50:21.0603 3768 Wanarpv6 - ok

19:50:21.0728 3768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:50:21.0728 3768 Wd - ok

19:50:21.0837 3768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:50:21.0837 3768 Wdf01000 - ok

19:50:21.0977 3768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:50:21.0993 3768 WfpLwf - ok

19:50:22.0087 3768 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

19:50:22.0087 3768 WimFltr - ok

19:50:22.0118 3768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:50:22.0118 3768 WIMMount - ok

19:50:22.0258 3768 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

19:50:22.0274 3768 WinUsb - ok

19:50:22.0321 3768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:50:22.0321 3768 WmiAcpi - ok

19:50:22.0445 3768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:50:22.0461 3768 ws2ifsl - ok

19:50:22.0492 3768 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

19:50:22.0508 3768 WudfPf - ok

19:50:22.0617 3768 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:50:22.0617 3768 WUDFRd - ok

19:50:22.0695 3768 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys

19:50:22.0695 3768 yukonw7 - ok

19:50:22.0742 3768 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

19:50:22.0804 3768 \Device\Harddisk0\DR0 - ok

19:50:22.0820 3768 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3

19:50:23.0475 3768 \Device\Harddisk1\DR3 - ok

19:50:23.0522 3768 Boot (0x1200) (da95cc62c3dd36d8f886bc7d401d0b4b) \Device\Harddisk0\DR0\Partition0

19:50:23.0522 3768 \Device\Harddisk0\DR0\Partition0 - ok

19:50:23.0537 3768 Boot (0x1200) (2ca91636975092fb0fd75ee2aba6c1ab) \Device\Harddisk0\DR0\Partition1

19:50:23.0537 3768 \Device\Harddisk0\DR0\Partition1 - ok

19:50:23.0553 3768 Boot (0x1200) (2a49acb17271c604d500e0b4bd1c0114) \Device\Harddisk1\DR3\Partition0

19:50:23.0553 3768 \Device\Harddisk1\DR3\Partition0 - ok

19:50:23.0553 3768 ============================================================

19:50:23.0553 3768 Scan finished

19:50:23.0553 3768 ============================================================

19:50:23.0569 2864 Detected object count: 0

19:50:23.0569 2864 Actual detected object count: 0


And here are the other two logs--

ComboFix 12-01-03.07 - KP 01/03/2012 20:25:05.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1748 [GMT -5:00]

Running from: c:\users\KP\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\KP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Check Disk

c:\windows\assembly\temp\@

c:\windows\assembly\temp\bckfg.tmp

c:\windows\assembly\temp\cfg.ini

c:\windows\assembly\temp\keywords

c:\windows\assembly\temp\kwrd.dll

c:\windows\system32\consrv.dll

c:\windows\system32\java.exe

c:\windows\system32\jucheck.exe

c:\windows\system32\jusched.exe

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))

.

.

2012-01-04 01:35 . 2012-01-04 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-04 01:35 . 2012-01-04 01:35 -------- d-----w- c:\users\Molly\AppData\Local\temp

2011-12-27 22:10 . 2012-01-04 01:41 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-12-27 02:52 . 2012-01-02 21:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-26 22:43 . 2011-12-26 22:43 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-24 02:15 . 2011-12-27 01:09 16200 ----a-w- c:\windows\stinger.sys

2011-12-24 01:10 . 2011-12-06 22:22 28760 ----a-w- c:\program files (x86)\Mozilla Firefox\ScriptFF.dll

2011-12-24 00:58 . 2011-12-26 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-24 00:35 . 2011-12-24 00:35 -------- d-----w- c:\users\KP\AppData\Roaming\McAfee

2011-12-24 00:28 . 2012-01-04 01:16 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2011-12-24 00:28 . 2012-01-04 01:16 -------- d-----w- c:\program files\McAfee

2011-12-24 00:28 . 2012-01-04 01:16 -------- d-----w- c:\program files (x86)\McAfee

2011-12-24 00:26 . 2012-01-04 01:18 -------- d-----w- c:\programdata\McAfee

2011-12-23 00:07 . 2011-12-23 00:07 -------- d-----w- c:\program files\iPod

2011-12-23 00:07 . 2011-12-23 00:08 -------- d-----w- c:\program files\iTunes

2011-12-23 00:05 . 2011-12-23 00:05 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-12-23 00:03 . 2011-12-23 00:03 -------- d-----w- c:\program files\Bonjour

2011-12-23 00:03 . 2011-12-23 00:03 -------- d-----w- c:\program files (x86)\Bonjour

2011-12-22 01:24 . 2011-12-22 01:24 -------- d-----w- c:\windows\system32\SPReview

2011-12-21 23:38 . 2011-12-21 23:38 -------- d-----w- c:\windows\system32\EventProviders

2011-12-17 16:39 . 2011-12-17 16:39 -------- d-----w- c:\users\Katie Admin

2011-12-16 00:33 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-14 01:50 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2011-12-06 02:35 . 2011-12-06 02:35 -------- d-----w- c:\users\KP\AppData\Roaming\SUPERAntiSpyware.com

2011-12-06 02:35 . 2011-12-06 02:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-06 02:25 . 2011-12-06 02:25 -------- d-----w- c:\program files (x86)\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 20:24 . 2010-11-28 22:17 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]

.

c:\users\Molly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 22:59]

.

2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 22:59]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"combofix"="c:\combofix\CF2000.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-FAStartup - (no file)

Notify-FastAccess - c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]

"ImagePath"="NADA"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2012-01-03 20:57:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-04 01:57

.

Pre-Run: 180,862,484,480 bytes free

Post-Run: 181,437,935,616 bytes free

.

- - End Of File - - 3EF97845479A5273FDC67D0BA6B7BEE7

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Inspiron 1545

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 183):

0x03059000 \SystemRoot\system32\ntoskrnl.exe

0x03010000 \SystemRoot\system32\hal.dll

0x00BB6000 \SystemRoot\system32\kdcom.dll

0x00C47000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C8B000 \SystemRoot\system32\PSHED.dll

0x00C9F000 \SystemRoot\system32\CLFS.SYS

0x00CFD000 \SystemRoot\system32\CI.dll

0x00E72000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F16000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F25000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F7C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F85000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F8F000 \SystemRoot\system32\DRIVERS\pci.sys

0x00FC2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00FCF000 \SystemRoot\System32\drivers\partmgr.sys

0x00FE4000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00FED000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys

0x00DBD000 \SystemRoot\System32\drivers\mountmgr.sys

0x01047000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x01163000 \SystemRoot\system32\drivers\amdxata.sys

0x0116E000 \SystemRoot\system32\drivers\fltmgr.sys

0x011BA000 \SystemRoot\system32\drivers\fileinfo.sys

0x011CE000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01203000 \SystemRoot\System32\Drivers\Ntfs.sys

0x014EF000 \SystemRoot\System32\Drivers\msrpc.sys

0x0154D000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01567000 \SystemRoot\System32\Drivers\cng.sys

0x015DA000 \SystemRoot\System32\drivers\pcw.sys

0x015EB000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016D9000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x0168B000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x017CB000 \SystemRoot\System32\Drivers\spldr.sys

0x01400000 \SystemRoot\System32\drivers\rdyboost.sys

0x017D3000 \SystemRoot\System32\Drivers\mup.sys

0x017E5000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01474000 \SystemRoot\system32\DRIVERS\disk.sys

0x0148A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x03813000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x0383D000 \SystemRoot\System32\Drivers\Null.SYS

0x03846000 \SystemRoot\System32\Drivers\Beep.SYS

0x0384D000 \SystemRoot\System32\drivers\vga.sys

0x0385B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x03880000 \SystemRoot\System32\drivers\watchdog.sys

0x03890000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x03899000 \SystemRoot\system32\drivers\rdpencdd.sys

0x038A2000 \SystemRoot\system32\drivers\rdprefmp.sys

0x038AB000 \SystemRoot\System32\Drivers\Msfs.SYS

0x038B6000 \SystemRoot\System32\Drivers\Npfs.SYS

0x03A02000 \SystemRoot\System32\drivers\tcpip.sys

0x013A5000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x014BA000 \SystemRoot\system32\DRIVERS\tdx.sys

0x038C7000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01000000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03C60000 \SystemRoot\system32\drivers\afd.sys

0x03CE9000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03CF2000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03D18000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x03D2E000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03D3D000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03D58000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03D6C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

0x03D76000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

0x03D80000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03DD1000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03DDD000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03DE8000 \SystemRoot\System32\drivers\discache.sys

0x03C00000 \SystemRoot\System32\Drivers\dfsc.sys

0x03C1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03C2F000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x04695000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x02A62000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x02B56000 \SystemRoot\System32\drivers\dxgmms1.sys

0x02B9C000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x02BA9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x02A00000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x02A11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x04ED1000 \SystemRoot\system32\DRIVERS\bcmwl664.sys

0x05179000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x05186000 \SystemRoot\system32\DRIVERS\yk62x64.sys

0x04E00000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x04E1E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0x04E5A000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x04E69000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04E78000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x04E85000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x04E8A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x04E93000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x04EA9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x04EB9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x02A35000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x051EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04D94000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x04DC3000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x04DDE000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x04600000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x051F6000 \SystemRoot\system32\DRIVERS\swenum.sys

0x0461A000 \SystemRoot\system32\DRIVERS\ks.sys

0x0465D000 \SystemRoot\system32\DRIVERS\umbus.sys

0x042A1000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x042FB000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04310000 \SystemRoot\system32\DRIVERS\stwrt64.sys

0x0438B000 \SystemRoot\system32\DRIVERS\portcls.sys

0x043C8000 \SystemRoot\system32\DRIVERS\drmk.sys

0x043EA000 \SystemRoot\system32\drivers\ksthunk.sys

0x043F0000 \SystemRoot\System32\Drivers\crashdmp.sys

0x038D4000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x04200000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x000B0000 \SystemRoot\System32\win32k.sys

0x04213000 \SystemRoot\System32\drivers\Dxapi.sys

0x0421F000 \SystemRoot\System32\Drivers\RtsUStor.sys

0x04259000 \SystemRoot\System32\Drivers\USBD.SYS

0x0425B000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x00C00000 \SystemRoot\System32\Drivers\usbvideo.sys

0x01E10000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys

0x01E3B000 \SystemRoot\system32\DRIVERS\monitor.sys

0x005F0000 \SystemRoot\System32\TSDDD.dll

0x00750000 \SystemRoot\System32\cdd.dll

0x01E49000 \SystemRoot\system32\drivers\luafv.sys

0x01E6C000 \SystemRoot\system32\drivers\WudfPf.sys

0x01E8D000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x01EA2000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x01EF5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x01F08000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x01F20000 \SystemRoot\System32\Drivers\fastfat.SYS

0x0283C000 \SystemRoot\system32\drivers\HTTP.sys

0x02904000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x02931000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0294F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x0297C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x029CA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x01F56000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0367B000 \SystemRoot\System32\DRIVERS\srv.sys

0x03710000 \SystemRoot\system32\drivers\peauth.sys

0x037B6000 \SystemRoot\System32\Drivers\secdrv.SYS

0x037C1000 \SystemRoot\System32\drivers\tcpipreg.sys

0x037D3000 \SystemRoot\system32\drivers\BCM42RLY.sys

0x03631000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x03639000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x03600000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x77A10000 \Windows\System32\ntdll.dll

0x47F20000 \Windows\System32\smss.exe

0xFFD30000 \Windows\System32\apisetschema.dll

0xFF4A0000 \Windows\System32\autochk.exe

0xFFC80000 \Windows\System32\comdlg32.dll

0xFFB50000 \Windows\System32\wininet.dll

0x77BE0000 \Windows\System32\psapi.dll

0xFFB20000 \Windows\System32\imm32.dll

0xFFA40000 \Windows\System32\advapi32.dll

0xFF830000 \Windows\System32\ole32.dll

0xFEAA0000 \Windows\System32\shell32.dll

0xFE9C0000 \Windows\System32\oleaut32.dll

0xFE940000 \Windows\System32\shlwapi.dll

0xFE8A0000 \Windows\System32\clbcatq.dll

0xFE850000 \Windows\System32\ws2_32.dll

0x77910000 \Windows\System32\user32.dll

0xFE830000 \Windows\System32\sechost.dll

0xFE7E0000 \Windows\System32\Wldap32.dll

0x777F0000 \Windows\System32\kernel32.dll

0xFE7D0000 \Windows\System32\nsi.dll

0xFE570000 \Windows\System32\iertutil.dll

0xFE4A0000 \Windows\System32\usp10.dll

0xFE420000 \Windows\System32\difxapi.dll

0x77BD0000 \Windows\System32\normaliz.dll

0xFE400000 \Windows\System32\imagehlp.dll

0xFE220000 \Windows\System32\setupapi.dll

0xFE0F0000 \Windows\System32\rpcrt4.dll

0xFE080000 \Windows\System32\gdi32.dll

0xFDFE0000 \Windows\System32\msvcrt.dll

0xFDFD0000 \Windows\System32\lpk.dll

0xFDE50000 \Windows\System32\urlmon.dll

0xFDD40000 \Windows\System32\msctf.dll

0xFDD00000 \Windows\System32\wintrust.dll

0xFDCC0000 \Windows\System32\cfgmgr32.dll

0xFDC20000 \Windows\System32\comctl32.dll

0xFDC00000 \Windows\System32\devobj.dll

0xFDB90000 \Windows\System32\KernelBase.dll

0xFDA20000 \Windows\System32\crypt32.dll

0xFDA10000 \Windows\System32\msasn1.dll

Processes (total 71):

0 System Idle Process

4 System

296 C:\Windows\System32\smss.exe

384 csrss.exe

440 C:\Windows\System32\wininit.exe

456 csrss.exe

520 C:\Windows\System32\services.exe

528 C:\Windows\System32\winlogon.exe

540 C:\Windows\System32\lsass.exe

548 C:\Windows\System32\lsm.exe

660 C:\Windows\System32\svchost.exe

736 C:\Windows\System32\svchost.exe

828 C:\Windows\System32\svchost.exe

868 C:\Windows\System32\svchost.exe

896 C:\Windows\System32\svchost.exe

932 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe

676 C:\Windows\System32\svchost.exe

1092 C:\Program Files\Dell\DellDock\DockLogin.exe

1168 C:\Windows\System32\svchost.exe

1256 C:\Windows\System32\wlanext.exe

1264 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

1272 C:\Windows\System32\conhost.exe

1336 C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

1396 C:\Windows\System32\spoolsv.exe

1532 C:\Program Files\SUPERAntiSpyware\SASCore64.exe

1644 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

1696 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1820 C:\Program Files\Bonjour\mDNSResponder.exe

1856 C:\Windows\System32\svchost.exe

1944 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

1992 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

2020 C:\Windows\System32\svchost.exe

1460 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

1732 C:\Windows\System32\taskhost.exe

1036 C:\Windows\System32\dwm.exe

1712 C:\Windows\explorer.exe

2356 C:\Windows\System32\svchost.exe

2836 WmiPrvSE.exe

2700 C:\Program Files\DellTPad\Apoint.exe

2696 C:\Program Files\IDT\WDM\sttray64.exe

2832 C:\Windows\System32\igfxtray.exe

2116 C:\Windows\System32\hkcmd.exe

2260 C:\Windows\System32\igfxpers.exe

2240 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

2232 C:\Program Files\Dell\QuickSet\quickset.exe

2140 C:\Windows\System32\igfxsrvc.exe

2552 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

3044 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

3004 C:\Program Files\DellTPad\ApMsgFwd.exe

2796 C:\Program Files\DellTPad\hidfind.exe

2436 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

2540 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

2496 C:\Program Files\DellTPad\ApntEx.exe

2792 C:\Windows\System32\conhost.exe

3140 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

3268 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

3392 C:\Program Files\iTunes\iTunesHelper.exe

3528 C:\Windows\System32\SearchIndexer.exe

3808 C:\Program Files\iPod\bin\iPodService.exe

3344 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

3164 C:\Program Files\Windows Media Player\wmpnetwk.exe

764 C:\Windows\System32\wuauclt.exe

3336 C:\Windows\System32\audiodg.exe

3868 taskhost.exe

996 WUDFHost.exe

600 C:\Windows\System32\SearchProtocolHost.exe

812 C:\Windows\System32\SearchFilterHost.exe

3432 dllhost.exe

2868 dllhost.exe

3520 C:\Users\KP\Desktop\MBRCheck.exe

2560 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-75A23T0, Rev: 01.01A01

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!


I ran all of the suggested programs and will post the logs below. As a note, when I tried to disable the McAfee AntiVirus, I wasn't able to. I ended up removing the program in its entirety-- though when I ran the ComboFix, it still said that McAfee was running (even after it was removed). I haven't reinstalled McAfee yet; I figure it wasn't working earlier anyway.

Sounds good. I suggest you hold off on reinstalling McAfee until we're all clean, as there is some more that needs doing ;):

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    vssvc.exe
    SDRSVC.dll
    bfe.dll
    mpssvc.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


I have my fingers crossed that this is working! I ran another MBAM scan before doing anything and it found the bitminer in a different place than it had been before. I've pasted that log below. I then removed it and ran the scan you suggested. That log, and a follow up MBAM scan log are below too.

Thank you!

1st MBAM Scan tonight

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.04.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

KP :: MOLLY-PC [administrator]

1/4/2012 6:37:21 PM

mbam-log-2012-01-04 (18-37-21).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 410813

Time elapsed: 57 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Qoobox\Quarantine\C\Windows\assembly\temp\kwrd.dll.vir (PUP.BitMiner) -> Quarantined and deleted successfully.

(end)

SYSTEM LOOK SCAN

SystemLook 30.07.11 by jpshortstuff

Log created at 20:30 on 04/01/2012 by KP

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "vssvc.exe"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe --a---- 1600512 bytes [19:03 07/07/2011] [13:25 20/11/2010] B60BA0BC31B0CB414593E169F6F21CC2

C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe --a---- 1598976 bytes [23:39 13/07/2009] [01:39 14/07/2009] 787898BF9FB6D7BD87A36E2D95C899BA

Searching for "SDRSVC.dll"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll --a---- 170496 bytes [19:02 07/07/2011] [13:27 20/11/2010] 6EA4234DC55346E0709560FE7C2C1972

C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll --a---- 170496 bytes [23:36 13/07/2009] [01:41 14/07/2009] 765A27C3279CE11D14CB9E4F5869FCA5

Searching for "bfe.dll"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7601.17514_none_2b4a7558412a624a\BFE.DLL --a---- 705024 bytes [19:03 07/07/2011] [13:25 20/11/2010] 82974D6A2FD19445CC5171FC378668A4

C:\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7600.16385_none_29196190443bdeb0\BFE.DLL --a---- 703488 bytes [00:09 14/07/2009] [01:40 14/07/2009] 4992C609A6315671463E30F6512BC022

Searching for "mpssvc.dll"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll --a---- 828416 bytes [19:03 07/07/2011] [13:26 20/11/2010] 54FFC9C8898113ACE189D4AA7199D2C1

C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll --a---- 824832 bytes [00:09 14/07/2009] [01:41 14/07/2009] AECAB449567D1846DAD63ECE49E893E3

-= EOF =-

Post-System Look Scan MBAM Scan

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.04.06

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

KP :: MOLLY-PC [administrator]

1/4/2012 8:36:31 PM

mbam-log-2012-01-04 (20-36-31).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 410957

Time elapsed: 50 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


There's something odd: your system appears to be a Windows 7 machine, yet it has the Master Boot Record of a Vista machine. Did you previously have Vista and upgrade to Windows 7? Please let me know if possible :).

Next,

Please do the following. You will need a USB drive with no less than 64 MB of space.

  • Insert your USB drive.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-windows-latest.exe that you just downloaded.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will write files to your USB device and make it bootable
  • Once the files have been written to the device you will be prompted to reboot ~ do NOT reboot and instead just Exit the UNetbootin interface
  • Next, download dumpit and save it to the same flash drive where you installed xPUD.
  • Remove the USB and insert it in the ailing computer
  • Power on the computer and press F12 then choose to boot from the USB
  • After selecting a language and readying the system, a Welcome to xPUD screen will appear
  • Click the File tab
  • Expand mnt by clicking the plus sign to its left
  • sda1, sda2... usually correspond to your HDD
  • sdb1 is likely your USB
  • Double click dumpit.
  • It will create some MBR copies on the USB drive.
  • When it completes press Enter to exit the Terminal window.
  • Remove the USB drive, then locate on it an mbr.zip file, and upload that here as an attachment please.

mbr.zip should be created on your flash drive, please attach it to your next reply.


The dumpit link didn't work-- it was just a web page with characters on it. Is there something else I could try?

On the Windows version, I'm running Windows 7. There may have been a 3 month trial or something installed prior to this though-- but the computer wasn't mine at that point so I'm not sure.

Thanks!


Thanks D-Fred-- and no need to apologize for delays at all. I just appreciate your help.

The new FSS log is posted below. I ran MBAM yesterday and nothing was found.

Farbar Service Scanner

Ran by KP (administrator) on 09-01-2012 at 19:40:02

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll

[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Please go to http://www.virustotal.com/ , click on Browse, and upload the following file/s for analysis: You will only be able to have one file scanned at a time.

C:\Windows\System32\mpssvc.dll

C:\Windows\System32\bfe.dll

C:\Windows\System32\SDRSVC.dll

C:\Windows\System32\vssvc.exe

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://virusscan.jotti.org.


No worries. Try this link for SystemLook http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Then, please run my original script (located here http://forums.malwarebytes.org/index.php?showtopic=103666&view=findpost&p=513133) and post the report it creates ;)


So here are the individual files, done one at a time-- and then I'll post the full SystemLook below.

SystemLook 30.07.11 by jpshortstuff

Log created at 20:51 on 12/01/2012 by KP

Administrator - Elevation successful

No Context: C:\Windows\System32\mpssvc.dll

-= EOF =-

SystemLook 30.07.11 by jpshortstuff

Log created at 20:52 on 12/01/2012 by KP

Administrator - Elevation successful

No Context: C:\Windows\System32\bfe.dll

-= EOF =-

SystemLook 30.07.11 by jpshortstuff

Log created at 20:53 on 12/01/2012 by KP

Administrator - Elevation successful

No Context: C:\Windows\System32\SDRSVC.dll

-= EOF =-

SystemLook 30.07.11 by jpshortstuff

Log created at 20:53 on 12/01/2012 by KP

Administrator - Elevation successful

No Context: C:\Windows\System32\vssvc.exe

SystemLook 30.07.11 by jpshortstuff

Log created at 20:55 on 12/01/2012 by KP

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "vssvc.exe"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7601.17514_none_b8f2d3e62e76fe08\VSSVC.exe --a---- 1600512 bytes [19:03 07/07/2011] [13:25 20/11/2010] B60BA0BC31B0CB414593E169F6F21CC2

C:\Windows\winsxs\amd64_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_b6c1c01e31887a6e\VSSVC.exe --a---- 1598976 bytes [23:39 13/07/2009] [01:39 14/07/2009] 787898BF9FB6D7BD87A36E2D95C899BA

Searching for "SDRSVC.dll"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdrsvc.dll --a---- 170496 bytes [19:02 07/07/2011] [13:27 20/11/2010] 6EA4234DC55346E0709560FE7C2C1972

C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll --a---- 170496 bytes [23:36 13/07/2009] [01:41 14/07/2009] 765A27C3279CE11D14CB9E4F5869FCA5

Searching for "bfe.dll"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7601.17514_none_2b4a7558412a624a\BFE.DLL --a---- 705024 bytes [19:03 07/07/2011] [13:25 20/11/2010] 82974D6A2FD19445CC5171FC378668A4

C:\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7600.16385_none_29196190443bdeb0\BFE.DLL --a---- 703488 bytes [00:09 14/07/2009] [01:40 14/07/2009] 4992C609A6315671463E30F6512BC022

Searching for "mpssvc.dll"

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\MPSSVC.dll --a---- 828416 bytes [19:03 07/07/2011] [13:26 20/11/2010] 54FFC9C8898113ACE189D4AA7199D2C1

C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll --a---- 824832 bytes [00:09 14/07/2009] [01:41 14/07/2009] AECAB449567D1846DAD63ECE49E893E3

-= EOF =-

Thank you!!


Sorry-- been out of town-- thanks for sticking with me!

Here is a new FSS report--

Farbar Service Scanner

Ran by KP (administrator) on 16-01-2012 at 18:43:03

Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll

[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Sorry-- been out of town-- thanks for sticking with me!

Welcome back! and no problem :).

Let's see if we can amend those Windows Firewall registry entries.

Attached is a Zip file containing some registry files I need you to use.

Please download the Zip file to your Desktop. Right-Click on it, and select Extract All.

2 files will appear: mpssvc.reg, and sdrsvc.reg.

Starting with mpssvc.reg, Right-Click on it, and select Merge. Do the same for sdrsvc.reg.

After that, please post a new Farbar Service Scanner log here for me to see :). Are you now able to access Windows Firewall?

fixes.zip


Thanks! The first file ran fine, but when I tried the second, after hitting merge, I got this message: Cannot import C:\Users\KP\Desktop\sdrsvc.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes.

When I turned my computer on, a black screen came up and said:

Checking file system on C:

The type of the file system is NTFS.

Volume label is OS.

One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk.

Then it ran through with numbers of files processed. This has never happened before.

When I try to turn the Windows Firewall on, I get a message that says: Windows Firewall can’t change some of your settings. Error code 0x80070424

I ran the FSS and here is the log:

Farbar Service Scanner

Ran by KP (administrator) on 17-01-2012 at 20:44:39

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll

[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Hmm, something isn't right. Let's take a look at some registry keys:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


The log is posted below. It took like 2 seconds to do whatever it is it was doing-- so I hope it worked!

SystemLook 30.07.11 by jpshortstuff

Log created at 16:31 on 21/01/2012 by KP

Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC]

"DisplayName"="@%SystemRoot%\system32\sdrsvc.dll,-107"

"ErrorControl"= 0x0000000001 (1)

"ImagePath"="%SystemRoot%\system32\svchost.exe -k SDRSVC"

"Start"= 0x0000000003 (3)

"Type"= 0x0000000010 (16)

"Description"="@%SystemRoot%\system32\sdrsvc.dll,-102"

"DependOnService"="RPCSS"

"ObjectName"="localSystem"

"ServiceSidType"= 0x0000000001 (1)

"RequiredPrivileges"="SeBackupPrivilege SeRestorePrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeCreateSymbolicLinkPrivilege SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege SeTcbPrivilege SeSystemEnvironmentPrivilege"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters]

-= EOF =-


Let's see if those services can be manually started ;):

To do this, follow the steps below:

Click Start, type Notepad in the Start Search box (Windows Vista) or the Search programs and files box (Windows 7), and then click Notepad in the programs list.

Highlight the following text, right click the highlighted text, and then click Copy. Go to Notepad, right click anywhere in the Notepad window, and then click Paste.

    sc config MpsSvc start= auto
    sc config mpsdrv start= auto
    sc config SDRSVC start= auto
    sc config VSS start= auto
    net stop MpsSvc
    net start MpsSvc
    net stop mpsdrv
    net start mpsdrv
    net stop SDRSVC
    net start SDRSVC
    net stop VSS
    net start VSS

Click File, click Save As, and then type Repair.bat in the File name box.

Click the Save as type dropdown, then click All Files (*.*).

In the left window pane, click Desktop, and then click Save.

On the File menu, click Exit.

From your Desktop, right click the Repair.bat file that you saved in step 5, and then click Run as administrator. This action starts the required services.

Note: If you are prompted for confirmation, click Yes.

Try to start the Windows Firewall again. If you can start Windows Firewall, delete the Repair.bat file. To delete the Repair.bat file, right-click Repair.bat, click Delete, and then click Yes.
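As an added example (not from the thread, FSS, SystemLook or the Repair.bat above), here is a read-only PowerShell check that covers the same ground the Farbar Service Scanner sections report on before you run the repair: whether each service key exists, its Start type, ImagePath and ServiceDll, and whether the System32 binary's MD5 matches a copy in the WinSxS component store (the winsxs copies listed in the SystemLook output above are what it compares against). The service list and the WinSxS comparison are my assumptions; run it from an elevated prompt.

```powershell
# Added example, not part of the thread: read-only check of the service keys
# that Farbar Service Scanner reports on above (MpsSvc, mpsdrv, SDRSVC, VSS)
# plus BFE, which MpsSvc depends on. Assumptions: elevated prompt, Windows
# Vista/7-era layout (System32 binaries with copies under WinSxS).

$ServicesToCheck = @(
    @{ Name = 'MpsSvc'; Binary = 'mpssvc.dll' },   # Windows Firewall (svchost-hosted)
    @{ Name = 'BFE';    Binary = 'bfe.dll'    },   # Base Filtering Engine
    @{ Name = 'SDRSVC'; Binary = 'sdrsvc.dll' },   # Windows Backup
    @{ Name = 'VSS';    Binary = 'vssvc.exe'  },   # Volume Shadow Copy
    @{ Name = 'mpsdrv'; Binary = $null        }    # firewall driver, no ServiceDll
)

$StartTypeNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'manual'; 4 = 'disabled' }

function Get-FileMd5 {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Test-WinSxSMatch {
    # Does the System32 copy hash-match any copy kept in the component store?
    param([string]$BinaryName)
    $sys = Join-Path $env:SystemRoot "System32\$BinaryName"
    if (-not (Test-Path $sys)) { return 'missing from System32' }
    $sysHash = Get-FileMd5 $sys
    $copies = Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter $BinaryName -ErrorAction SilentlyContinue
    foreach ($c in $copies) {
        if ((Get-FileMd5 $c.FullName) -eq $sysHash) { return "MD5 $sysHash matches $($c.Directory.Name)" }
    }
    return "no WinSxS copy has MD5 $sysHash"
}

function Test-ServiceKey {
    param([string]$Name, [string]$BinaryName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = New-Object PSObject -Property @{ Service = $Name }
    if (-not (Test-Path $key)) {
        # This is the condition FSS reports as "The service key does not exist."
        $result | Add-Member NoteProperty Status 'service key does not exist'
        return $result
    }
    $props = Get-ItemProperty -Path $key
    $start = [int]$props.Start
    $result | Add-Member NoteProperty Start     "$start ($($StartTypeNames[$start]))"
    $result | Add-Member NoteProperty ImagePath $props.ImagePath
    # svchost-hosted services keep their DLL under Parameters\ServiceDll
    $params = Join-Path $key 'Parameters'
    $dll = if (Test-Path $params) { (Get-ItemProperty -Path $params).ServiceDll } else { $null }
    $result | Add-Member NoteProperty ServiceDll $(if ($dll) { $dll } else { '(none)' })
    # Drivers such as mpsdrv are not listed by Get-Service, so that is not an error by itself
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $result | Add-Member NoteProperty State $(if ($svc) { $svc.Status } else { 'not reported by Get-Service' })
    if ($BinaryName) {
        $result | Add-Member NoteProperty Binary (Test-WinSxSMatch $BinaryName)
    }
    return $result
}

foreach ($s in $ServicesToCheck) {
    Test-ServiceKey -Name $s.Name -BinaryName $s.Binary | Format-List
}
```

A missing key for MpsSvc with a System32 mpssvc.dll that still matches its WinSxS copy is the picture the FSS logs above show: the binary is intact and only the service registration is gone, which is what the .reg merge and Repair.bat steps restore.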

