Trojan.Alert/svchost.exe

klouf · February 14, 2012

Hi there - it seems that I also have a machine that is infected with this pesky Trojan.Alert in the svchost.exe file. After trying to remove it the usual way with a Malwarebytes Scan, amongst other tools (McAfee VirusScan Enterprise, Spybot Search & Destroy, and actually I even uninstalled Windows 7 SP1 thinking that might restore the original uninfected file, but no luck ), I wound up on the forums with a quick search and after some quick reading it seems that each case could be unique, and so here I am with my DDS & Attach logs:

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Administrator at 16:47:18 on 2012-02-14

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4031.2007 [GMT -5:00]

.

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\nvvsvc.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Synergy\qsynergy.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [QuickBooksDB19] C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_MP-LAPTOP4_19 -qs -gd ALL -gk all -gp 4096 -gu all -ch 128M -c 64M -x tcpip(BroadcastListener=NO;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Synergy.lnk - C:\Program Files\Synergy\qsynergy.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.25.15 192.168.25.10

TCP: Interfaces\{0FCDCB9F-57B0-4CD2-8EEF-C83064DD2C2B} : DhcpNameServer = 192.168.25.15 192.168.25.10

TCP: Interfaces\{0FCDCB9F-57B0-4CD2-8EEF-C83064DD2C2B}\05F6D656762716E6164756 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0FCDCB9F-57B0-4CD2-8EEF-C83064DD2C2B}\C696E6B637973723 : DhcpNameServer = 71.243.0.12 71.250.0.12

TCP: Interfaces\{0FCDCB9F-57B0-4CD2-8EEF-C83064DD2C2B}\E4544574541425 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{0FCDCB9F-57B0-4CD2-8EEF-C83064DD2C2B}\E456770284F6C6C616E646 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5BA03F7A-8154-4D05-B1D6-5A8B9D8B4499} : DhcpNameServer = 192.168.25.15 192.168.25.10

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

LSA: Notification Packages = scecli DPPWDFLT

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO-X64: DigitalPersona Fingerprint Software Extension - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun-x64: [QuickBooksDB19] C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -n QB_MP-LAPTOP4_19 -qs -gd ALL -gk all -gp 4096 -gu all -ch 128M -c 64M -x tcpip(BroadcastListener=NO;port=55333) -ti 0 -ec simple -qi -qw -tl 120 -oe C:\PROGRA~3\Intuit\QUICKB~2\DBSTAR~1.LOG -y

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9v4ugqy2.default\

FF - component: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension\components\TmFFExt.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2010-3-25 180968]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2010-12-31 89600]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-14 652360]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-3-25 20792]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-9-25 120128]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2010-3-25 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe --> C:\Windows\system32\mfevtps.exe [?]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]

R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-31 2320920]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-6-3 1664304]

R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 QuickBooksDB19;QuickBooksDB19;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]

.

=============== Created Last 30 ================

.

2012-02-14 19:59:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A771DF84-5FA4-4053-B931-7460803FDA1F}\offreg.dll

2012-02-14 18:19:25 20480 ----a-w- C:\Windows\svchost.exe

2012-02-14 16:15:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-14 16:08:28 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-14 16:05:33 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Macrovision

2012-02-14 15:54:35 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A771DF84-5FA4-4053-B931-7460803FDA1F}\mpengine.dll

2012-02-13 18:53:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-02-13 18:53:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-02-13 18:13:56 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes

2012-02-13 18:13:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-13 18:13:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-13 16:53:38 -------- d--h--w- C:\Users\Administrator\AppData\Roaming\DA96F

2012-02-10 13:37:14 -------- d--h--w- C:\Program Files (x86)\6FB99

2012-02-07 10:54:27 -------- d--h--w- C:\Program Files (x86)\LP

2012-02-07 10:52:27 -------- d--h--w- C:\Quarantine

2012-02-03 00:01:52 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\E06D.tmp

2012-02-03 00:01:52 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\E03D.tmp

.

==================== Find3M ====================

.

2012-02-14 19:15:50 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-02-14 19:15:49 175104 ----a-w- C:\Windows\System32\msclmd.dll

2011-12-07 15:39:10 279096 ----a-w- C:\Windows\System32\MpSigStub.exe

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 15:07:41 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

.

============= FINISH: 16:48:14.41 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/10/2011 11:15:57 AM

System Uptime: 2/14/2012 2:56:00 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0R6NH5

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1730/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 374.755 GiB free.

D: is CDROM ()

P: is NetworkDisk (NTFS) - 2048 GiB total, 1749.141 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP110: 1/31/2012 8:39:28 AM - Windows Update

RP111: 2/1/2012 3:00:56 AM - Windows Update

RP112: 2/3/2012 1:47:50 PM - Windows Update

RP113: 2/4/2012 3:10:33 AM - Windows Update

RP114: 2/7/2012 4:02:57 AM - Windows Update

RP115: 2/8/2012 3:11:46 AM - Windows Update

RP116: 2/13/2012 1:53:39 PM - Installed Java 6 Update 30

RP117: 2/14/2012 10:29:44 AM - Restore Operation

RP118: 2/14/2012 11:14:14 AM - Installed Java 6 Update 30

RP119: 2/14/2012 1:36:46 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

AccelerometerP11

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.1.2)

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Bing Bar

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Webcam Central

Documents To Go Desktop for iPhone

FileZilla Client 3.5.1

Google Chrome

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 22

Java 6 Update 30

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Agent

McAfee VirusScan Enterprise

Microsoft Choice Guard

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 9.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

OpenOffice.org 3.3

QuickBooks

QuickBooks Pro 2009

QuickTime

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

SupportSoft Assisted Service

Synergy

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Xerox DocuMate 510 Driver

ZaPrompt Pro 2.0

.

==== Event Viewer Messages From Past Week ========

.

2/8/2012 9:27:32 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.25.157 with the system having network hardware address 00-04-F2-11-75-EA. Network operations on this system may be disrupted as a result.

2/8/2012 9:09:21 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.25.103 with the system having network hardware address 00-04-F2-13-B7-94. Network operations on this system may be disrupted as a result.

2/8/2012 9:09:17 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

2/14/2012 3:01:42 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.25.130 with the system having network hardware address F0-DE-F1-A9-D1-32. Network operations on this system may be disrupted as a result.

2/14/2012 3:00:46 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MAIDPRO due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

2/14/2012 2:58:15 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

2/14/2012 2:57:20 PM, Error: NETLOGON [3210] - This computer could not authenticate with \\MAIDPRODC.maidpro.local, a Windows domain controller for domain MAIDPRO, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

2/14/2012 12:55:43 PM, Error: NETLOGON [3210] - This computer could not authenticate with \\MAIDPRODC, a Windows domain controller for domain MAIDPRO, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

2/14/2012 11:07:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

2/14/2012 10:11:47 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

2/14/2012 10:10:24 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/14/2012 10:09:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/14/2012 10:09:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/14/2012 10:09:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/14/2012 10:09:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/14/2012 10:09:07 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

2/14/2012 10:08:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mfehidk spldr vpcvmm Wanarpv6

2/14/2012 10:08:48 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

2/14/2012 10:08:48 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

2/14/2012 10:07:45 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

2/14/2012 1:18:43 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

2/13/2012 1:13:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:13:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

2/13/2012 1:13:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

2/13/2012 1:12:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/13/2012 1:12:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/13/2012 1:12:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf

2/13/2012 1:12:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 1:12:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:12:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:12:24 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:12:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:12:23 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:12:23 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 1:12:23 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 1:12:23 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 1:12:23 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 1:12:23 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/10/2012 9:43:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e6bf6b, 0x0000000000000000, 0x000000007ef50000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021012-32323-01.

2/10/2012 8:49:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc40007248, 0xffffffffc000000e, 0x000000011f4c2860, 0xfffff88000e49d10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021012-57782-01.

.

==== End Of File ===========================

MrCharlie · February 14, 2012

Welcome to the forum.

Please remove any usb or external drives from the computer before you run these scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

klouf · February 15, 2012

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date: 02/15/2012 09:13:01

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEKT-75KA9T0 +++++

--- User ---

[MBR] 2a5de2b1138dfcb8026f238cfdc23bbd

[bSP] 2443d7138d44605c205800f5c869ff21 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13090 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26890240 | Size: 463809 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 677259e3f08b4055b0b5fe8d8e8d9b68

[bSP] 1cfe629acbbcc3e37a00abeb6e70b497 : PiHar MBR Code!

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13090 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26890240 | Size: 463809 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 677259e3f08b4055b0b5fe8d8e8d9b68

[bSP] 1cfe629acbbcc3e37a00abeb6e70b497 : PiHar MBR Code!

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 13090 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26890240 | Size: 463809 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · February 15, 2012

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

klouf · February 15, 2012

Just to note, McAfee VirusScan Enterprise deleted the stuff that TDSSKiller quarantined...

09:49:50.0766 6652 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

09:49:50.0922 6652 ============================================================

09:49:50.0922 6652 Current date / time: 2012/02/15 09:49:50.0922

09:49:50.0922 6652 SystemInfo:

09:49:50.0922 6652

09:49:50.0922 6652 OS Version: 6.1.7600 ServicePack: 0.0

09:49:50.0922 6652 Product type: Workstation

09:49:50.0922 6652 ComputerName: MP-LAPTOP4

09:49:50.0922 6652 UserName: Administrator

09:49:50.0922 6652 Windows directory: C:\Windows

09:49:50.0922 6652 System windows directory: C:\Windows

09:49:50.0922 6652 Running under WOW64

09:49:50.0922 6652 Processor architecture: Intel x64

09:49:50.0922 6652 Number of processors: 8

09:49:50.0922 6652 Page size: 0x1000

09:49:50.0922 6652 Boot type: Normal boot

09:49:50.0922 6652 ============================================================

09:49:51.0795 6652 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:49:51.0811 6652 \Device\Harddisk0\DR0:

09:49:51.0811 6652 MBR used

09:49:51.0811 6652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1991000

09:49:51.0811 6652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19A5000, BlocksNum 0x389E0800

09:49:51.0826 6652 Initialize success

09:49:51.0826 6652 ============================================================

09:50:10.0812 4532 ============================================================

09:50:10.0812 4532 Scan started

09:50:10.0812 4532 Mode: Manual; SigCheck; TDLFS;

09:50:10.0812 4532 ============================================================

09:50:11.0919 4532 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\drivers\1394ohci.sys

09:50:12.0044 4532 1394ohci - ok

09:50:12.0060 4532 Acceler (aedb94a49236f5ff060c90e09e70281f) C:\Windows\system32\DRIVERS\Accelern.sys

09:50:12.0106 4532 Acceler - ok

09:50:12.0138 4532 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys

09:50:12.0184 4532 ACPI - ok

09:50:12.0200 4532 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys

09:50:12.0216 4532 AcpiPmi - ok

09:50:12.0294 4532 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

09:50:12.0325 4532 adp94xx - ok

09:50:12.0356 4532 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

09:50:12.0372 4532 adpahci - ok

09:50:12.0387 4532 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

09:50:12.0403 4532 adpu320 - ok

09:50:12.0465 4532 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

09:50:12.0543 4532 AFD - ok

09:50:12.0559 4532 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

09:50:12.0559 4532 agp440 - ok

09:50:12.0574 4532 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

09:50:12.0590 4532 aliide - ok

09:50:12.0606 4532 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

09:50:12.0621 4532 amdide - ok

09:50:12.0637 4532 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

09:50:12.0652 4532 AmdK8 - ok

09:50:12.0668 4532 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

09:50:12.0684 4532 AmdPPM - ok

09:50:12.0699 4532 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

09:50:12.0715 4532 amdsata - ok

09:50:12.0730 4532 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

09:50:12.0746 4532 amdsbs - ok

09:50:12.0762 4532 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

09:50:12.0777 4532 amdxata - ok

09:50:12.0793 4532 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

09:50:12.0824 4532 AppID - ok

09:50:12.0871 4532 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

09:50:12.0902 4532 arc - ok

09:50:12.0918 4532 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

09:50:12.0933 4532 arcsas - ok

09:50:13.0042 4532 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

09:50:13.0089 4532 AsyncMac - ok

09:50:13.0136 4532 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

09:50:13.0167 4532 atapi - ok

09:50:13.0183 4532 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

09:50:13.0261 4532 b06bdrv - ok

09:50:13.0276 4532 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:50:13.0292 4532 b57nd60a - ok

09:50:13.0354 4532 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

09:50:13.0386 4532 BCM42RLY - ok

09:50:13.0479 4532 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

09:50:13.0573 4532 BCM43XX - ok

09:50:13.0604 4532 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

09:50:13.0635 4532 Beep - ok

09:50:13.0666 4532 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

09:50:13.0713 4532 blbdrive - ok

09:50:13.0760 4532 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

09:50:13.0822 4532 bowser - ok

09:50:13.0838 4532 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:50:13.0854 4532 BrFiltLo - ok

09:50:13.0869 4532 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:50:13.0885 4532 BrFiltUp - ok

09:50:13.0900 4532 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

09:50:13.0947 4532 Brserid - ok

09:50:13.0963 4532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

09:50:13.0978 4532 BrSerWdm - ok

09:50:13.0994 4532 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:50:14.0025 4532 BrUsbMdm - ok

09:50:14.0025 4532 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

09:50:14.0041 4532 BrUsbSer - ok

09:50:14.0166 4532 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

09:50:14.0212 4532 BthEnum - ok

09:50:14.0244 4532 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

09:50:14.0259 4532 BTHMODEM - ok

09:50:14.0275 4532 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

09:50:14.0306 4532 BthPan - ok

09:50:14.0322 4532 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys

09:50:14.0337 4532 BTHPORT - ok

09:50:14.0368 4532 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys

09:50:14.0384 4532 BTHUSB - ok

09:50:14.0415 4532 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys

09:50:14.0431 4532 btwaudio - ok

09:50:14.0431 4532 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys

09:50:14.0446 4532 btwavdt - ok

09:50:14.0478 4532 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

09:50:14.0493 4532 btwl2cap - ok

09:50:14.0509 4532 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys

09:50:14.0509 4532 btwrchid - ok

09:50:14.0524 4532 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

09:50:14.0556 4532 cdfs - ok

09:50:14.0602 4532 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys

09:50:14.0649 4532 cdrom - ok

09:50:14.0680 4532 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

09:50:14.0727 4532 circlass - ok

09:50:14.0758 4532 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

09:50:14.0805 4532 CLFS - ok

09:50:14.0836 4532 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

09:50:14.0883 4532 CmBatt - ok

09:50:14.0899 4532 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

09:50:14.0914 4532 cmdide - ok

09:50:14.0946 4532 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

09:50:14.0992 4532 CNG - ok

09:50:15.0008 4532 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

09:50:15.0055 4532 Compbatt - ok

09:50:15.0086 4532 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys

09:50:15.0117 4532 CompositeBus - ok

09:50:15.0133 4532 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

09:50:15.0148 4532 crcdisk - ok

09:50:15.0180 4532 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

09:50:15.0211 4532 CSC - ok

09:50:15.0242 4532 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys

09:50:15.0320 4532 CtClsFlt - ok

09:50:15.0351 4532 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

09:50:15.0382 4532 CVirtA - ok

09:50:15.0445 4532 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

09:50:15.0476 4532 CVPNDRVA - ok

09:50:15.0492 4532 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

09:50:15.0538 4532 DfsC - ok

09:50:15.0554 4532 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

09:50:15.0585 4532 discache - ok

09:50:15.0632 4532 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

09:50:15.0663 4532 Disk - ok

09:50:15.0679 4532 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

09:50:15.0694 4532 DNE - ok

09:50:15.0726 4532 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

09:50:15.0757 4532 drmkaud - ok

09:50:15.0788 4532 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

09:50:15.0835 4532 DXGKrnl - ok

09:50:15.0928 4532 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

09:50:16.0022 4532 ebdrv - ok

09:50:16.0069 4532 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

09:50:16.0116 4532 elxstor - ok

09:50:16.0131 4532 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

09:50:16.0147 4532 ErrDev - ok

09:50:16.0178 4532 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

09:50:16.0209 4532 exfat - ok

09:50:16.0225 4532 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

09:50:16.0272 4532 fastfat - ok

09:50:16.0303 4532 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

09:50:16.0318 4532 fdc - ok

09:50:16.0334 4532 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

09:50:16.0350 4532 FileInfo - ok

09:50:16.0365 4532 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

09:50:16.0412 4532 Filetrace - ok

09:50:16.0428 4532 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

09:50:16.0443 4532 flpydisk - ok

09:50:16.0459 4532 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

09:50:16.0474 4532 FltMgr - ok

09:50:16.0506 4532 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

09:50:16.0506 4532 FsDepends - ok

09:50:16.0537 4532 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

09:50:16.0537 4532 Fs_Rec - ok

09:50:16.0584 4532 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

09:50:16.0615 4532 fvevol - ok

09:50:16.0646 4532 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

09:50:16.0662 4532 gagp30kx - ok

09:50:16.0693 4532 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

09:50:16.0708 4532 GEARAspiWDM - ok

09:50:16.0724 4532 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

09:50:16.0771 4532 hcw85cir - ok

09:50:16.0818 4532 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys

09:50:16.0880 4532 HDAudBus - ok

09:50:16.0911 4532 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

09:50:16.0942 4532 HECIx64 - ok

09:50:16.0958 4532 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

09:50:16.0974 4532 HidBatt - ok

09:50:16.0989 4532 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

09:50:17.0052 4532 HidBth - ok

09:50:17.0083 4532 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

09:50:17.0130 4532 HidIr - ok

09:50:17.0161 4532 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\drivers\hidusb.sys

09:50:17.0239 4532 HidUsb - ok

09:50:17.0286 4532 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys

09:50:17.0317 4532 HpSAMD - ok

09:50:17.0348 4532 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

09:50:17.0379 4532 HTTP - ok

09:50:17.0395 4532 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

09:50:17.0410 4532 hwpolicy - ok

09:50:17.0426 4532 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

09:50:17.0442 4532 i8042prt - ok

09:50:17.0488 4532 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

09:50:17.0535 4532 iaStor - ok

09:50:17.0566 4532 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

09:50:17.0582 4532 iaStorV - ok

09:50:17.0598 4532 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

09:50:17.0613 4532 iirsp - ok

09:50:17.0629 4532 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

09:50:17.0644 4532 intelide - ok

09:50:17.0676 4532 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

09:50:17.0691 4532 intelppm - ok

09:50:17.0722 4532 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:50:17.0800 4532 IpFilterDriver - ok

09:50:17.0816 4532 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys

09:50:17.0832 4532 IPMIDRV - ok

09:50:17.0847 4532 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

09:50:17.0878 4532 IPNAT - ok

09:50:17.0941 4532 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

09:50:17.0972 4532 IRENUM - ok

09:50:17.0988 4532 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

09:50:18.0003 4532 isapnp - ok

09:50:18.0019 4532 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys

09:50:18.0034 4532 iScsiPrt - ok

09:50:18.0066 4532 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

09:50:18.0081 4532 kbdclass - ok

09:50:18.0097 4532 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys

09:50:18.0159 4532 kbdhid - ok

09:50:18.0190 4532 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

09:50:18.0222 4532 KSecDD - ok

09:50:18.0237 4532 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

09:50:18.0253 4532 KSecPkg - ok

09:50:18.0268 4532 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

09:50:18.0300 4532 ksthunk - ok

09:50:18.0346 4532 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

09:50:18.0409 4532 lltdio - ok

09:50:18.0456 4532 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

09:50:18.0487 4532 LSI_FC - ok

09:50:18.0502 4532 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

09:50:18.0518 4532 LSI_SAS - ok

09:50:18.0534 4532 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

09:50:18.0549 4532 LSI_SAS2 - ok

09:50:18.0565 4532 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

09:50:18.0580 4532 LSI_SCSI - ok

09:50:18.0596 4532 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

09:50:18.0643 4532 luafv - ok

09:50:18.0674 4532 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

09:50:18.0721 4532 MBAMProtector - ok

09:50:18.0768 4532 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

09:50:18.0783 4532 megasas - ok

09:50:18.0799 4532 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

09:50:18.0814 4532 MegaSR - ok

09:50:18.0846 4532 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys

09:50:18.0877 4532 mfeapfk - ok

09:50:18.0908 4532 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys

09:50:18.0939 4532 mfeavfk - ok

09:50:18.0970 4532 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys

09:50:18.0986 4532 mfehidk - ok

09:50:19.0002 4532 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys

09:50:19.0048 4532 mferkdet - ok

09:50:19.0064 4532 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys

09:50:19.0111 4532 mfetdik - ok

09:50:19.0126 4532 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

09:50:19.0158 4532 Modem - ok

09:50:19.0220 4532 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

09:50:19.0267 4532 monitor - ok

09:50:19.0298 4532 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

09:50:19.0329 4532 mouclass - ok

09:50:19.0345 4532 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

09:50:19.0376 4532 mouhid - ok

09:50:19.0392 4532 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

09:50:19.0407 4532 mountmgr - ok

09:50:19.0438 4532 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys

09:50:19.0470 4532 mpio - ok

09:50:19.0485 4532 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

09:50:19.0516 4532 mpsdrv - ok

09:50:19.0548 4532 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

09:50:19.0563 4532 MRxDAV - ok

09:50:19.0594 4532 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:50:19.0626 4532 mrxsmb - ok

09:50:19.0657 4532 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:50:19.0672 4532 mrxsmb10 - ok

09:50:19.0704 4532 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:50:19.0719 4532 mrxsmb20 - ok

09:50:19.0735 4532 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\drivers\msahci.sys

09:50:19.0750 4532 msahci - ok

09:50:19.0782 4532 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys

09:50:19.0797 4532 msdsm - ok

09:50:19.0828 4532 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

09:50:19.0875 4532 Msfs - ok

09:50:19.0891 4532 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

09:50:19.0922 4532 mshidkmdf - ok

09:50:19.0938 4532 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

09:50:19.0953 4532 msisadrv - ok

09:50:19.0984 4532 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

09:50:20.0016 4532 MSKSSRV - ok

09:50:20.0031 4532 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

09:50:20.0062 4532 MSPCLOCK - ok

09:50:20.0078 4532 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

09:50:20.0125 4532 MSPQM - ok

09:50:20.0156 4532 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

09:50:20.0187 4532 MsRPC - ok

09:50:20.0218 4532 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

09:50:20.0234 4532 mssmbios - ok

09:50:20.0250 4532 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

09:50:20.0281 4532 MSTEE - ok

09:50:20.0296 4532 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

09:50:20.0328 4532 MTConfig - ok

09:50:20.0343 4532 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

09:50:20.0359 4532 Mup - ok

09:50:20.0390 4532 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

09:50:20.0437 4532 NativeWifiP - ok

09:50:20.0468 4532 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

09:50:20.0515 4532 NDIS - ok

09:50:20.0530 4532 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

09:50:20.0577 4532 NdisCap - ok

09:50:20.0593 4532 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

09:50:20.0624 4532 NdisTapi - ok

09:50:20.0640 4532 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

09:50:20.0671 4532 Ndisuio - ok

09:50:20.0686 4532 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

09:50:20.0733 4532 NdisWan - ok

09:50:20.0749 4532 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

09:50:20.0811 4532 NDProxy - ok

09:50:20.0811 4532 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

09:50:20.0858 4532 NetBIOS - ok

09:50:20.0874 4532 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

09:50:20.0905 4532 NetBT - ok

09:50:20.0952 4532 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

09:50:20.0983 4532 nfrd960 - ok

09:50:21.0014 4532 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

09:50:21.0045 4532 Npfs - ok

09:50:21.0061 4532 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

09:50:21.0092 4532 nsiproxy - ok

09:50:21.0154 4532 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

09:50:21.0232 4532 Ntfs - ok

09:50:21.0248 4532 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

09:50:21.0279 4532 Null - ok

09:50:21.0310 4532 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys

09:50:21.0310 4532 NVHDA - ok

09:50:21.0529 4532 nvlddmkm (056d8b45fd4869947045bdc25e8734df) C:\Windows\system32\DRIVERS\nvlddmkm.sys

09:50:21.0794 4532 nvlddmkm - ok

09:50:21.0841 4532 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

09:50:21.0872 4532 nvraid - ok

09:50:21.0888 4532 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

09:50:21.0903 4532 nvstor - ok

09:50:21.0934 4532 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

09:50:21.0966 4532 nv_agp - ok

09:50:21.0997 4532 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

09:50:22.0012 4532 ohci1394 - ok

09:50:22.0059 4532 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

09:50:22.0075 4532 Parport - ok

09:50:22.0090 4532 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

09:50:22.0106 4532 partmgr - ok

09:50:22.0137 4532 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys

09:50:22.0168 4532 pci - ok

09:50:22.0200 4532 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

09:50:22.0231 4532 pciide - ok

09:50:22.0246 4532 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

09:50:22.0278 4532 pcmcia - ok

09:50:22.0293 4532 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

09:50:22.0309 4532 pcw - ok

09:50:22.0340 4532 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

09:50:22.0371 4532 PEAUTH - ok

09:50:22.0418 4532 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

09:50:22.0449 4532 PptpMiniport - ok

09:50:22.0465 4532 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

09:50:22.0480 4532 Processor - ok

09:50:22.0512 4532 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

09:50:22.0590 4532 Psched - ok

09:50:22.0605 4532 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

09:50:22.0636 4532 PxHlpa64 - ok

09:50:22.0699 4532 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

09:50:22.0777 4532 ql2300 - ok

09:50:22.0808 4532 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

09:50:22.0824 4532 ql40xx - ok

09:50:22.0855 4532 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

09:50:22.0886 4532 QWAVEdrv - ok

09:50:22.0902 4532 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

09:50:22.0933 4532 RasAcd - ok

09:50:22.0964 4532 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

09:50:22.0995 4532 RasAgileVpn - ok

09:50:23.0011 4532 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:50:23.0042 4532 Rasl2tp - ok

09:50:23.0058 4532 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

09:50:23.0104 4532 RasPppoe - ok

09:50:23.0104 4532 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

09:50:23.0151 4532 RasSstp - ok

09:50:23.0167 4532 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

09:50:23.0229 4532 rdbss - ok

09:50:23.0245 4532 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

09:50:23.0276 4532 rdpbus - ok

09:50:23.0292 4532 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:50:23.0354 4532 RDPCDD - ok

09:50:23.0370 4532 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

09:50:23.0385 4532 RDPDR - ok

09:50:23.0401 4532 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

09:50:23.0432 4532 RDPENCDD - ok

09:50:23.0448 4532 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

09:50:23.0479 4532 RDPREFMP - ok

09:50:23.0510 4532 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

09:50:23.0541 4532 RDPWD - ok

09:50:23.0557 4532 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

09:50:23.0604 4532 rdyboost - ok

09:50:23.0635 4532 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

09:50:23.0666 4532 RFCOMM - ok

09:50:23.0697 4532 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys

09:50:23.0713 4532 rimspci - ok

09:50:23.0744 4532 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys

09:50:23.0775 4532 risdpcie - ok

09:50:23.0791 4532 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys

09:50:23.0822 4532 rixdpcie - ok

09:50:23.0838 4532 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

09:50:23.0884 4532 rspndr - ok

09:50:23.0931 4532 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

09:50:23.0962 4532 RTL8167 - ok

09:50:23.0994 4532 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys

09:50:24.0040 4532 s3cap - ok

09:50:24.0072 4532 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys

09:50:24.0087 4532 sbp2port - ok

09:50:24.0103 4532 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

09:50:24.0134 4532 scfilter - ok

09:50:24.0181 4532 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:50:24.0259 4532 secdrv - ok

09:50:24.0352 4532 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

09:50:24.0446 4532 Serenum - ok

09:50:24.0462 4532 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

09:50:24.0508 4532 Serial - ok

09:50:24.0540 4532 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

09:50:24.0571 4532 sermouse - ok

09:50:24.0586 4532 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

09:50:24.0618 4532 sffdisk - ok

09:50:24.0633 4532 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

09:50:24.0664 4532 sffp_mmc - ok

09:50:24.0664 4532 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys

09:50:24.0696 4532 sffp_sd - ok

09:50:24.0711 4532 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

09:50:24.0727 4532 sfloppy - ok

09:50:24.0758 4532 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:50:24.0774 4532 SiSRaid2 - ok

09:50:24.0789 4532 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

09:50:24.0805 4532 SiSRaid4 - ok

09:50:24.0836 4532 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

09:50:24.0883 4532 Smb - ok

09:50:24.0914 4532 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

09:50:24.0930 4532 spldr - ok

09:50:24.0961 4532 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

09:50:24.0992 4532 srv - ok

09:50:25.0023 4532 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

09:50:25.0054 4532 srv2 - ok

09:50:25.0086 4532 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

09:50:25.0117 4532 srvnet - ok

09:50:25.0164 4532 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys

09:50:25.0195 4532 stdcfltn - ok

09:50:25.0226 4532 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

09:50:25.0257 4532 stexstor - ok

09:50:25.0288 4532 STHDA (3fe584503dc68cd206143bc334c43484) C:\Windows\system32\DRIVERS\stwrt64.sys

09:50:25.0382 4532 STHDA - ok

09:50:25.0444 4532 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\drivers\vmstorfl.sys

09:50:25.0476 4532 storflt - ok

09:50:25.0491 4532 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\drivers\storvsc.sys

09:50:25.0507 4532 storvsc - ok

09:50:25.0538 4532 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

09:50:25.0554 4532 swenum - ok

09:50:25.0600 4532 SynTP (e5d73228176c9f69072d1f91ced83484) C:\Windows\system32\DRIVERS\SynTP.sys

09:50:25.0616 4532 SynTP - ok

09:50:25.0694 4532 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

09:50:25.0756 4532 Tcpip - ok

09:50:25.0819 4532 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

09:50:25.0850 4532 TCPIP6 - ok

09:50:25.0866 4532 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

09:50:25.0897 4532 tcpipreg - ok

09:50:25.0928 4532 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

09:50:25.0959 4532 TDPIPE - ok

09:50:25.0975 4532 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

09:50:26.0006 4532 TDTCP - ok

09:50:26.0037 4532 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

09:50:26.0068 4532 tdx - ok

09:50:26.0084 4532 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys

09:50:26.0100 4532 TermDD - ok

09:50:26.0131 4532 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:50:26.0162 4532 tssecsrv - ok

09:50:26.0193 4532 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

09:50:26.0240 4532 tunnel - ok

09:50:26.0256 4532 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

09:50:26.0271 4532 uagp35 - ok

09:50:26.0287 4532 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys

09:50:26.0334 4532 udfs - ok

09:50:26.0365 4532 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

09:50:26.0380 4532 uliagpkx - ok

09:50:26.0412 4532 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys

09:50:26.0427 4532 umbus - ok

09:50:26.0443 4532 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

09:50:26.0474 4532 UmPass - ok

09:50:26.0521 4532 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

09:50:26.0583 4532 USBAAPL64 - ok

09:50:26.0599 4532 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

09:50:26.0630 4532 usbccgp - ok

09:50:26.0661 4532 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

09:50:26.0677 4532 usbcir - ok

09:50:26.0708 4532 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys

09:50:26.0755 4532 usbehci - ok

09:50:26.0770 4532 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

09:50:26.0817 4532 usbhub - ok

09:50:26.0833 4532 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

09:50:26.0848 4532 usbohci - ok

09:50:26.0864 4532 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

09:50:26.0880 4532 usbprint - ok

09:50:26.0911 4532 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

09:50:26.0926 4532 usbscan - ok

09:50:26.0958 4532 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS

09:50:27.0004 4532 USBSTOR - ok

09:50:27.0020 4532 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys

09:50:27.0067 4532 usbuhci - ok

09:50:27.0082 4532 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

09:50:27.0114 4532 usbvideo - ok

09:50:27.0145 4532 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

09:50:27.0160 4532 vdrvroot - ok

09:50:27.0176 4532 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

09:50:27.0192 4532 vga - ok

09:50:27.0207 4532 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

09:50:27.0238 4532 VgaSave - ok

09:50:27.0270 4532 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys

09:50:27.0285 4532 vhdmp - ok

09:50:27.0316 4532 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

09:50:27.0316 4532 viaide - ok

09:50:27.0348 4532 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\drivers\vmbus.sys

09:50:27.0363 4532 vmbus - ok

09:50:27.0394 4532 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\drivers\VMBusHID.sys

09:50:27.0410 4532 VMBusHID - ok

09:50:27.0441 4532 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys

09:50:27.0457 4532 volmgr - ok

09:50:27.0472 4532 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

09:50:27.0488 4532 volmgrx - ok

09:50:27.0519 4532 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys

09:50:27.0535 4532 volsnap - ok

09:50:27.0550 4532 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys

09:50:27.0566 4532 vpcbus - ok

09:50:27.0582 4532 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys

09:50:27.0597 4532 vpcnfltr - ok

09:50:27.0613 4532 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys

09:50:27.0628 4532 vpcusb - ok

09:50:27.0644 4532 vpcvmm (a5d16559d80cfa1dcb98f46410be5551) C:\Windows\system32\drivers\vpcvmm.sys

09:50:27.0660 4532 vpcvmm - ok

09:50:27.0691 4532 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

09:50:27.0706 4532 vsmraid - ok

09:50:27.0738 4532 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

09:50:27.0753 4532 vwifibus - ok

09:50:27.0784 4532 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

09:50:27.0816 4532 vwififlt - ok

09:50:27.0847 4532 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

09:50:27.0909 4532 vwifimp - ok

09:50:27.0940 4532 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

09:50:27.0956 4532 WacomPen - ok

09:50:27.0987 4532 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

09:50:28.0034 4532 WANARP - ok

09:50:28.0034 4532 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

09:50:28.0081 4532 Wanarpv6 - ok

09:50:28.0112 4532 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

09:50:28.0128 4532 Wd - ok

09:50:28.0159 4532 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

09:50:28.0190 4532 Wdf01000 - ok

09:50:28.0221 4532 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

09:50:28.0252 4532 WfpLwf - ok

09:50:28.0252 4532 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

09:50:28.0268 4532 WIMMount - ok

09:50:28.0315 4532 WinUSB (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUSB.sys

09:50:28.0346 4532 WinUSB - ok

09:50:28.0377 4532 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

09:50:28.0393 4532 WmiAcpi - ok

09:50:28.0424 4532 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

09:50:28.0455 4532 ws2ifsl - ok

09:50:28.0486 4532 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

09:50:28.0533 4532 WSDPrintDevice - ok

09:50:28.0580 4532 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys

09:50:28.0596 4532 WudfPf - ok

09:50:28.0611 4532 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:50:28.0642 4532 WUDFRd - ok

09:50:28.0674 4532 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0

09:50:28.0705 4532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

09:50:28.0705 4532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

09:50:28.0736 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:50:28.0736 4532 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:50:28.0767 4532 Boot (0x1200) (0f3025cd7f9776046a39959008834724) \Device\Harddisk0\DR0\Partition0

09:50:28.0767 4532 \Device\Harddisk0\DR0\Partition0 - ok

09:50:28.0783 4532 Boot (0x1200) (dde66616c5832dc2ac22e5d5de9820c4) \Device\Harddisk0\DR0\Partition1

09:50:28.0798 4532 \Device\Harddisk0\DR0\Partition1 - ok

09:50:28.0798 4532 ============================================================

09:50:28.0798 4532 Scan finished

09:50:28.0798 4532 ============================================================

09:50:28.0814 1068 Detected object count: 2

09:50:28.0814 1068 Actual detected object count: 2

09:52:02.0847 1068 \Device\Harddisk0\DR0\# - copied to quarantine

09:52:02.0862 1068 \Device\Harddisk0\DR0 - copied to quarantine

09:52:02.0971 1068 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

09:52:12.0004 1068 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

09:52:20.0818 1068 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

09:52:29.0741 1068 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

09:52:38.0508 1068 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

09:52:38.0524 1068 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

09:52:38.0524 1068 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

09:52:38.0539 1068 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

09:52:47.0291 1068 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

09:52:56.0089 1068 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

09:52:56.0136 1068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

09:52:56.0136 1068 \Device\Harddisk0\DR0 - ok

09:52:56.0136 1068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

09:52:56.0136 1068 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:52:56.0136 1068 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:53:16.0900 6148 Deinitialize success

klouf · February 15, 2012

Also, MalwareBytes has detected Trojan.Agent in svchost.exe (again/still), and is asking what to do - Quarantine or Ignore?

MrCharlie · February 15, 2012

Just to note, McAfee VirusScan Enterprise deleted the stuff that TDSSKiller quarantined...

That's OK

------------------------------

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

klouf · February 15, 2012

ComboFix 12-02-15.01 - Administrator 02/15/2012 10:26:32.1.8 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4031.2602 [GMT -5:00]

Running from: c:\users\Administrator\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\program files (x86)\LP

c:\program files (x86)\LP\275D\13A1.tmp

c:\program files (x86)\LP\275D\164E.tmp

c:\program files (x86)\LP\275D\1BAF.tmp

c:\program files (x86)\LP\275D\2A9E.tmp

c:\program files (x86)\LP\275D\8F95.tmp

c:\program files (x86)\LP\C5ED\6F57.tmp

c:\program files (x86)\LP\C5ED\E4F4.tmp

c:\program files (x86)\LP\C5ED\ECBF.tmp

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\windows\security\Database\tmp.edb

c:\windows\svchost.exe

.

((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))

.

2012-02-15 15:30 . 2012-02-15 15:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-02-15 15:30 . 2012-02-15 15:30 -------- d-----w- c:\users\rmccarthy\AppData\Local\temp

2012-02-15 15:30 . 2012-02-15 15:30 -------- d-----w- c:\users\MP-LAPTOP3-ADMIN\AppData\Local\temp

2012-02-15 15:30 . 2012-02-15 15:30 -------- d-----w- c:\users\klouf\AppData\Local\temp

2012-02-15 15:30 . 2012-02-15 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-15 14:52 . 2012-02-15 14:52 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-14 16:15 . 2011-11-10 10:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-14 16:08 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-14 16:05 . 2012-02-14 16:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\Macrovision

2012-02-14 15:54 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A771DF84-5FA4-4053-B931-7460803FDA1F}\mpengine.dll

2012-02-14 15:13 . 2012-02-14 15:13 -------- d-----w- c:\users\MP-LAPTOP3-ADMIN\AppData\Roaming\Apple Computer

2012-02-13 18:53 . 2012-02-14 15:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-02-13 18:53 . 2012-02-14 15:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-13 18:13 . 2012-02-13 18:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes

2012-02-13 18:13 . 2012-02-13 18:13 -------- d-----w- c:\programdata\Malwarebytes

2012-02-13 18:13 . 2012-02-14 16:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-13 16:53 . 2012-02-13 16:53 -------- d--h--w- c:\users\Administrator\AppData\Roaming\DA96F

2012-02-10 13:37 . 2012-02-13 20:07 -------- d--h--w- c:\program files (x86)\6FB99

2012-02-07 13:06 . 2012-02-13 18:54 -------- d--h--w- c:\users\rmccarthy\AppData\Roaming\6FB99

2012-02-07 13:05 . 2012-02-13 20:07 -------- d--h--w- c:\users\rmccarthy\AppData\Roaming\DA96F

2012-02-07 10:52 . 2012-02-15 14:52 -------- d-----w- C:\Quarantine

2012-02-04 08:12 . 2012-02-04 08:12 -------- d-----w- c:\windows\Sun

2012-02-03 00:01 . 2012-02-03 00:01 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\E06D.tmp

2012-02-03 00:01 . 2012-02-03 00:01 6656 ---ha-w- c:\programdata\Microsoft\Windows\DRM\E03D.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-14 19:15 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-02-14 19:15 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll

2011-12-07 15:39 . 2011-03-10 16:34 279096 ----a-w- c:\windows\system32\MpSigStub.exe

2011-11-24 05:00 . 2011-12-14 13:51 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 15:07 . 2012-01-11 17:35 77312 ----a-w- c:\windows\system32\packager.dll

2011-11-19 14:06 . 2012-01-11 17:35 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-09-25 136512]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]

"QuickBooksDB19"="c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-10-01 131072]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\rmccarthy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-6-22 984936]

Synergy.lnk - c:\program files\Synergy\qsynergy.exe [2011-2-5 1026560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-10-01 131072]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2009-03-03 89600]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-03-26 20792]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-06-03 1932592]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894398563-4205631423-612160202-500Core.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 03:18]

.

2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1894398563-4205631423-612160202-500UA.job

- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-11 03:18]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-19 16414824]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-02-19 95336]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-15 4119920]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-12-31 5712896]

"combofix"="c:\combofix\CF24389.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.25.15 192.168.25.10

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9v4ugqy2.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,

08,9e,b8,e5,07,bc,9b,bb,17,88,6f,f8,da

"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,28,bb,

0c,2e,8c,34,0f,8c,88,2f,46,01,4e,e9,4a

"{395610AE-C624-4F58-B89E-23733EA00F9A}"=hex:51,66,7a,6c,4c,1d,3b,1b,be,0f,4c,

29,17,96,3e,0a,a1,93,62,33,3a,e1,4a,83

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,3b,1b,b0,ca,a8,

6d,72,22,1f,0b,af,80,22,49,f4,5d,17,28

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,2a,

80,31,1c,d9,0f,97,c1,10,24,72,49,26,df

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e9,

a4,12,5e,3f,0c,a3,2f,03,f3,04,cf,47,e6

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,

cb,76,f4,3d,06,a5,79,dd,65,c5,84,cd,b0

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:b5,32,e2,cd,1b,e3,cb,01

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,74,68,9b,2f,aa,82,4c,87,74,34,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,74,68,9b,2f,aa,82,4c,87,74,34,\

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-1894398563-4205631423-612160202-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\Visioneer\OneTouch 4.0\OtService.exe

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\program files (x86)\McAfee\Common Framework\McTray.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe

.

**************************************************************************

.

Completion time: 2012-02-15 10:39:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-15 15:39

.

Pre-Run: 413,928,775,680 bytes free

Post-Run: 418,397,204,480 bytes free

.

- - End Of File - - B63C6193E2AD2F381C929A7B8D6E3CF3

MrCharlie · February 15, 2012

Please enable hidden files:

http://www.bleepingc...s-in-windows-7/

Take a look at these folders and see what's in them and do you recognize them, if not please delete them:

c:\users\Administrator\AppData\Roaming\DA96F

c:\program files (x86)\6FB99

c:\users\rmccarthy\AppData\Roaming\6FB99

c:\users\rmccarthy\AppData\Roaming\DA96F

------------------------

Then......

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

klouf · February 15, 2012

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.15.03

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Administrator :: MP-LAPTOP4 [administrator]

Protection: Disabled

2/15/2012 11:59:47 AM

mbam-log-2012-02-15 (11-59-47).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 242321

Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · February 15, 2012

How's it running?? MrC

klouf · February 15, 2012

Seems to be cleaned. No more malicious website attempt notifications by MBAM, and no more malware detection notifications by MBAM or McAfee VSE.

Thank you for all your help!

MrCharlie · February 15, 2012

Good

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

-----------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

klouf · February 15, 2012

Excellent - thanks again!

LDTate · February 16, 2012

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Trojan.Alert/svchost.exe

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information