
Help! I have developed big problems with my personal ThinkPad T400 laptop, rendering it useless at the moment.

As background, the laptop has McAfee Security Scan Plus software, and Symantec Endpoint protection software, each of which I believe came with the machine when I bought it a number of years ago. However, I don't believe I've updated these, and I don't typically run antivirus scans. My machine was infected with some sort of malware last year, and one of the IT guys at work suggested Malwarebytes, which I now have installed on the laptop, and which helped clear things up last time.

Here's what is happening - and everything I describe below is still happening even though I have booted up in Safe Mode w/Networking.

If I try to open a browser (I use Firefox mainly), the browser doesn't open and, instead, I get a "Win 7 Home Security Firewall Alert" popup alert written in improper English telling me that my system is infected with a trojan and seeking to have me activate Win 7 Home Security. I also have a Win 7 Home Security badge-type icon in my system tray that keeps popping up warnings that my system is hijacked. If I close the popups, I can ultimately open Firefox, but I get redirected to a page that tells me that visiting the requested site may be dangerous, and trying to get me to buy Win 7 Home Security. I believe there may also be other popups (I'm on a different computer now).

Malwarebytes won't run, and I can't download Avira. Basically, I haven't been able to do any of the self-help steps I read about in the forum because, for all intents and purposes, I can't operate the laptop. I brought the laptop into work today with the hope that I'll be able to get some help on this forum.

Thanks in advance, Mike


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post only DDS.txt directly into your reply.


Hello and THANK YOU for your help. I booted up the computer normally (not in safe mode) and the computer asked me to allow Malwarebytes to make a change, so I did. The laptop seemed to be working again, so I was able to launch Firefox, download the items you mention and run the scans.

Here is the TDSSKiller log:

2011/05/18 22:36:22.0660 3044 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/18 22:36:22.0909 3044 ================================================================================

2011/05/18 22:36:22.0909 3044 SystemInfo:

2011/05/18 22:36:22.0909 3044

2011/05/18 22:36:22.0909 3044 OS Version: 6.1.7600 ServicePack: 0.0

2011/05/18 22:36:22.0909 3044 Product type: Workstation

2011/05/18 22:36:22.0909 3044 ComputerName: DEADFAN-PC

2011/05/18 22:36:22.0909 3044 UserName: deadfan

2011/05/18 22:36:22.0909 3044 Windows directory: C:\Windows

2011/05/18 22:36:22.0909 3044 System windows directory: C:\Windows

2011/05/18 22:36:22.0909 3044 Processor architecture: Intel x86

2011/05/18 22:36:22.0909 3044 Number of processors: 2

2011/05/18 22:36:22.0909 3044 Page size: 0x1000

2011/05/18 22:36:22.0909 3044 Boot type: Normal boot

2011/05/18 22:36:22.0909 3044 ================================================================================

2011/05/18 22:36:25.0109 3044 Initialize success

2011/05/18 22:36:16.0834 0640 ================================================================================

2011/05/18 22:36:16.0834 0640 Scan started

2011/05/18 22:36:16.0834 0640 Mode: Manual;

2011/05/18 22:36:16.0834 0640 ================================================================================

2011/05/18 22:36:26.0648 0640 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/05/18 22:36:27.0194 0640 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/05/18 22:36:27.0755 0640 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/05/18 22:36:28.0379 0640 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/05/18 22:36:29.0253 0640 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/05/18 22:36:29.0908 0640 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/05/18 22:36:30.0969 0640 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/05/18 22:36:31.0390 0640 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/05/18 22:36:31.0920 0640 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/05/18 22:36:32.0700 0640 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/05/18 22:36:33.0371 0640 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/05/18 22:36:33.0964 0640 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/05/18 22:36:34.0557 0640 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/05/18 22:36:35.0072 0640 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/05/18 22:36:35.0493 0640 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

2011/05/18 22:36:35.0883 0640 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/05/18 22:36:36.0569 0640 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

2011/05/18 22:36:36.0944 0640 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/05/18 22:36:37.0380 0640 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/05/18 22:36:37.0817 0640 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/05/18 22:36:38.0504 0640 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/05/18 22:36:38.0956 0640 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/05/18 22:36:39.0424 0640 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/05/18 22:36:40.0017 0640 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/05/18 22:36:40.0890 0640 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/05/18 22:36:41.0468 0640 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/05/18 22:36:41.0889 0640 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

2011/05/18 22:36:42.0107 0640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/05/18 22:36:42.0887 0640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/05/18 22:36:43.0340 0640 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/05/18 22:36:43.0714 0640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/05/18 22:36:44.0229 0640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/05/18 22:36:44.0931 0640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/05/18 22:36:45.0368 0640 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/05/18 22:36:45.0945 0640 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/05/18 22:36:46.0506 0640 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/05/18 22:36:47.0006 0640 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/05/18 22:36:47.0427 0640 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/05/18 22:36:47.0973 0640 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/05/18 22:36:48.0534 0640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/05/18 22:36:48.0940 0640 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/05/18 22:36:49.0346 0640 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/05/18 22:36:49.0704 0640 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/05/18 22:36:50.0266 0640 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/05/18 22:36:50.0874 0640 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/05/18 22:36:51.0452 0640 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/05/18 22:36:51.0982 0640 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/05/18 22:36:52.0403 0640 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/05/18 22:36:52.0918 0640 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/05/18 22:36:53.0573 0640 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

2011/05/18 22:36:54.0665 0640 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys

2011/05/18 22:36:55.0695 0640 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/05/18 22:36:56.0771 0640 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

2011/05/18 22:36:57.0333 0640 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/05/18 22:36:58.0019 0640 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

2011/05/18 22:36:58.0955 0640 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/05/18 22:36:59.0408 0640 ewusbnet (82e7eb9f12321052cd9a904b13724ee2) C:\Windows\system32\DRIVERS\ewusbnet.sys

2011/05/18 22:36:59.0782 0640 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/05/18 22:37:00.0141 0640 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/05/18 22:37:00.0531 0640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/05/18 22:37:00.0968 0640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/05/18 22:37:01.0358 0640 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/05/18 22:37:01.0748 0640 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/05/18 22:37:02.0387 0640 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/05/18 22:37:02.0840 0640 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/05/18 22:37:03.0448 0640 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/05/18 22:37:04.0400 0640 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/05/18 22:37:04.0836 0640 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/05/18 22:37:05.0320 0640 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/05/18 22:37:05.0850 0640 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/05/18 22:37:06.0521 0640 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/05/18 22:37:07.0364 0640 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/05/18 22:37:07.0941 0640 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/05/18 22:37:08.0814 0640 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/05/18 22:37:09.0594 0640 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/05/18 22:37:10.0998 0640 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/05/18 22:37:11.0498 0640 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/05/18 22:37:12.0075 0640 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys

2011/05/18 22:37:12.0465 0640 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/05/18 22:37:12.0699 0640 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys

2011/05/18 22:37:13.0011 0640 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/05/18 22:37:13.0323 0640 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

2011/05/18 22:37:13.0869 0640 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

2011/05/18 22:37:15.0101 0640 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/05/18 22:37:15.0663 0640 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/05/18 22:37:16.0115 0640 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/05/18 22:37:16.0412 0640 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/05/18 22:37:16.0646 0640 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/05/18 22:37:17.0036 0640 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/05/18 22:37:17.0301 0640 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/05/18 22:37:17.0738 0640 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/05/18 22:37:17.0972 0640 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/05/18 22:37:18.0252 0640 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/05/18 22:37:18.0611 0640 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/05/18 22:37:19.0157 0640 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/05/18 22:37:19.0578 0640 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/05/18 22:37:19.0828 0640 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/05/18 22:37:20.0280 0640 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/05/18 22:37:20.0733 0640 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/05/18 22:37:20.0967 0640 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/05/18 22:37:21.0435 0640 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/05/18 22:37:21.0684 0640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/05/18 22:37:21.0934 0640 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/05/18 22:37:22.0418 0640 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/05/18 22:37:22.0761 0640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/05/18 22:37:23.0073 0640 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/05/18 22:37:23.0354 0640 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/05/18 22:37:23.0681 0640 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/05/18 22:37:24.0180 0640 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/05/18 22:37:24.0336 0640 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/05/18 22:37:24.0664 0640 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/05/18 22:37:24.0789 0640 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/05/18 22:37:25.0226 0640 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/05/18 22:37:25.0491 0640 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/05/18 22:37:25.0756 0640 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/05/18 22:37:26.0177 0640 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/05/18 22:37:26.0520 0640 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/05/18 22:37:26.0708 0640 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/05/18 22:37:26.0801 0640 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/05/18 22:37:26.0895 0640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/05/18 22:37:27.0004 0640 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/05/18 22:37:27.0191 0640 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/05/18 22:37:27.0394 0640 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/05/18 22:37:27.0534 0640 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/05/18 22:37:27.0768 0640 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/05/18 22:37:28.0002 0640 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/05/18 22:37:28.0564 0640 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/05/18 22:37:28.0892 0640 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/05/18 22:37:29.0235 0640 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/05/18 22:37:29.0547 0640 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/05/18 22:37:29.0890 0640 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110511.018\NAVENG.SYS

2011/05/18 22:37:30.0576 0640 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110511.018\NAVEX15.SYS

2011/05/18 22:37:31.0076 0640 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/05/18 22:37:31.0450 0640 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/05/18 22:37:31.0856 0640 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/05/18 22:37:32.0230 0640 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/05/18 22:37:32.0511 0640 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/05/18 22:37:32.0885 0640 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/05/18 22:37:33.0338 0640 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/05/18 22:37:33.0681 0640 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/05/18 22:37:34.0539 0640 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

2011/05/18 22:37:34.0976 0640 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/05/18 22:37:35.0319 0640 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/05/18 22:37:35.0459 0640 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/05/18 22:37:35.0849 0640 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

2011/05/18 22:37:36.0099 0640 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/05/18 22:37:36.0458 0640 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

2011/05/18 22:37:36.0754 0640 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

2011/05/18 22:37:36.0910 0640 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/05/18 22:37:37.0004 0640 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/05/18 22:37:37.0362 0640 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/05/18 22:37:37.0643 0640 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/05/18 22:37:37.0752 0640 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/05/18 22:37:37.0877 0640 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/05/18 22:37:38.0018 0640 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/05/18 22:37:38.0205 0640 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/05/18 22:37:38.0579 0640 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS

2011/05/18 22:37:38.0766 0640 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/05/18 22:37:38.0954 0640 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/05/18 22:37:39.0203 0640 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/05/18 22:37:39.0437 0640 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/05/18 22:37:39.0734 0640 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/05/18 22:37:39.0952 0640 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/05/18 22:37:40.0420 0640 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/05/18 22:37:40.0498 0640 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/05/18 22:37:40.0623 0640 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/05/18 22:37:40.0779 0640 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/05/18 22:37:40.0872 0640 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/05/18 22:37:41.0138 0640 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/05/18 22:37:41.0309 0640 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/05/18 22:37:41.0418 0640 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/05/18 22:37:41.0684 0640 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/05/18 22:37:41.0793 0640 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/05/18 22:37:41.0855 0640 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/05/18 22:37:42.0120 0640 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/05/18 22:37:42.0323 0640 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/05/18 22:37:42.0386 0640 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/05/18 22:37:42.0526 0640 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/05/18 22:37:42.0760 0640 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys

2011/05/18 22:37:43.0103 0640 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/05/18 22:37:43.0275 0640 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2011/05/18 22:37:43.0587 0640 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/05/18 22:37:43.0774 0640 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/05/18 22:37:43.0914 0640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/05/18 22:37:44.0180 0640 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/05/18 22:37:44.0367 0640 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/05/18 22:37:44.0570 0640 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/05/18 22:37:44.0772 0640 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/05/18 22:37:44.0944 0640 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/05/18 22:37:45.0147 0640 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/05/18 22:37:45.0350 0640 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/05/18 22:37:45.0537 0640 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/05/18 22:37:45.0646 0640 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/05/18 22:37:45.0818 0640 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/05/18 22:37:46.0083 0640 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/05/18 22:37:46.0504 0640 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

2011/05/18 22:37:46.0722 0640 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/05/18 22:37:47.0003 0640 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows\system32\Drivers\SRTSP.SYS

2011/05/18 22:37:47.0144 0640 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows\system32\Drivers\SRTSPL.SYS

2011/05/18 22:37:47.0331 0640 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows\system32\Drivers\SRTSPX.SYS

2011/05/18 22:37:47.0456 0640 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys

2011/05/18 22:37:47.0612 0640 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys

2011/05/18 22:37:47.0877 0640 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/05/18 22:37:48.0126 0640 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/05/18 22:37:48.0423 0640 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/05/18 22:37:48.0563 0640 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys

2011/05/18 22:37:48.0719 0640 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/05/18 22:37:48.0875 0640 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2011/05/18 22:37:48.0938 0640 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2011/05/18 22:37:49.0016 0640 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/05/18 22:37:49.0109 0640 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS

2011/05/18 22:37:49.0374 0640 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/05/18 22:37:49.0905 0640 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/05/18 22:37:50.0076 0640 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/05/18 22:37:50.0217 0640 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/05/18 22:37:50.0310 0640 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/05/18 22:37:50.0404 0640 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/05/18 22:37:50.0498 0640 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/05/18 22:37:50.0716 0640 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys

2011/05/18 22:37:50.0903 0640 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/05/18 22:37:51.0184 0640 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/05/18 22:37:51.0278 0640 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/05/18 22:37:51.0465 0640 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/05/18 22:37:51.0730 0640 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/05/18 22:37:51.0870 0640 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/05/18 22:37:52.0073 0640 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/05/18 22:38:04.0304 0640 ================================================================================

2011/05/18 22:38:04.0304 0640 Scan finished

2011/05/18 22:38:04.0304 0640 ================================================================================

Here is the MBAM Quickscan log (17 items!):

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6612

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/18/2011 10:49:50 PM

mbam-log-2011-05-18 (22-49-50).txt

Scan type: Quick scan

Objects scanned: 136411

Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Users\deadfan\AppData\Local\hkeprx.dll (Trojan.Hiloti) -> Delete on reboot.

c:\Users\deadfan\AppData\Local\agiqiruh.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hloce (Trojan.Hiloti) -> Value: Hloce -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hpokufanero (Trojan.Agent.U) -> Value: Hpokufanero -> Delete on reboot.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deadfan\AppData\Local\mnr.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deadfan\AppData\Local\mnr.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\deadfan\AppData\Local\mnr.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\deadfan\AppData\Local\hkeprx.dll (Trojan.Hiloti) -> Delete on reboot.

c:\Users\deadfan\AppData\Local\Temp\0.16083482352409006.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Users\deadfan\local settings\application data\hkeprx.dll (Trojan.Hiloti) -> Delete on reboot.

c:\Users\deadfan\local settings\application data\mgd.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\Users\deadfan\local settings\application data\mnr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\Users\deadfan\local settings\temporary internet files\Content.IE5\W8RE0PTU\windows-update-sp4-kb85504-setup[1].exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\Users\deadfan\AppData\Roaming\Adobe\plugs\mmc152.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\deadfan\AppData\Roaming\Adobe\plugs\mmc32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\deadfan\2gweorjqjutp92vjy9gake (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\deadfan\AppData\Local\agiqiruh.dll (Trojan.Agent.U) -> Delete on reboot.

Here is the DDS.txt log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by deadfan at 22:57:17.15 on Wed 05/18/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1976.1141 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\deadfan\Downloads\dds.scr

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [Google Update] "c:\users\deadfan\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Hpokufanero] rundll32.exe "c:\users\deadfan\appdata\local\agiqiruh.dll",Startup

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [T-Mobile webConnect Manager] "c:\program files\t-mobile\webconnect manager\TMobileCM.exe" -a

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\deadfan\appdata\roaming\mozilla\firefox\profiles\tr9oykg3.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\deadfan\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\deadfan\appdata\roaming\mozilla\plugins\npicaN.dll

.

============= SERVICES / DRIVERS ===============

.

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec endpoint protection\Rtvscan.exe [2009-10-20 2477304]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CATmobile;T-Mobile Con App Svc;c:\program files\t-mobile\webconnect manager\conappssvc.exe [2009-8-13 124184]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-7-24 112128]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2009-7-24 100736]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files\t-mobile\webconnect manager\RcAppSvc.exe [2009-8-13 120088]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1343400]

.

=============== Created Last 30 ================

.

2011-05-19 02:34:09 -------- d-----w- c:\users\deadfan\appdata\local\{1C199F69-FD6A-4EF8-8FED-4EE095FF2BF4}

2011-05-13 05:16:24 -------- d-----w- c:\users\deadfan\appdata\local\Panther

2011-05-13 05:16:19 114688 --sha-w- c:\users\deadfan\appdata\local\can.exe

2011-05-13 05:16:19 114688 --sha-w- c:\users\deadfan\appdata\local\adr.exe

2011-05-13 05:15:50 -------- d-----w- c:\progra~2\cC00000PjHpP00000

2011-05-11 03:17:11 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 03:17:11 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-11 03:17:11 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 03:17:11 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 03:17:11 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 03:17:11 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 03:17:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 03:17:07 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 03:17:07 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-28 03:01:24 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-28 03:01:16 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-28 03:01:16 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-28 03:01:15 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-28 03:01:15 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-04-28 03:01:15 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-28 03:01:15 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-28 03:01:15 1686016 ----a-w- c:\windows\system32\esent.dll

2011-04-28 03:01:15 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-28 03:01:15 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-28 03:00:57 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-28 03:00:55 2614784 ----a-w- c:\windows\explorer.exe

.

==================== Find3M ====================

.

2011-04-16 21:38:43 103720 ----a-w- c:\users\deadfan\GoToAssistDownloadHelper.exe

2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-09 13:01:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll

.

============= FINISH: 22:58:21.74 ===============

Thanks - how are we doing?!

  • Staff

Looks like progress! :D

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Hello and thanks again for the help.

I updated MB and ran a quick scan - here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6644

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/22/2011 8:31:33 PM

mbam-log-2011-05-22 (20-31-33).txt

Scan type: Quick scan

Objects scanned: 135920

Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hpokufanero (Trojan.Agent.U) -> Value: Hpokufanero -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\users\deadfan\appdata\local\temp\0.1481198036782485.exe (Malware.Gen) -> Quarantined and deleted successfully.

c:\Users\deadfan\AppData\Local\Temp\0.6272450323438387.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\deadfan\AppData\Local\Temp\0.9381046733390479.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Then, I disabled Symantec Endpoint Protection (I think) and downloaded and ran ComboFix - here is the log:

ComboFix 11-05-21.03 - deadfan 05/22/2011 20:54:31.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1976.1092 [GMT -4:00]

Running from: c:\users\deadfan\Downloads\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\cC00000PjHpP00000

c:\programdata\cC00000PjHpP00000\cC00000PjHpP00000.exe

c:\users\deadfan\AppData\Local\{1C199F69-FD6A-4EF8-8FED-4EE095FF2BF4}

c:\users\deadfan\AppData\Local\{1C199F69-FD6A-4EF8-8FED-4EE095FF2BF4}\chrome.manifest

c:\users\deadfan\AppData\Local\{1C199F69-FD6A-4EF8-8FED-4EE095FF2BF4}\chrome\content\_cfg.js

c:\users\deadfan\AppData\Local\{1C199F69-FD6A-4EF8-8FED-4EE095FF2BF4}\chrome\content\overlay.xul

c:\users\deadfan\AppData\Local\{1C199F69-FD6A-4EF8-8FED-4EE095FF2BF4}\install.rdf

c:\users\deadfan\AppData\Local\adr.exe

c:\users\deadfan\AppData\Local\can.exe

c:\users\deadfan\AppData\Roaming\Adobe\plugs

c:\users\deadfan\AppData\Roaming\Adobe\plugs\mmc9344335.txt

c:\users\deadfan\AppData\Roaming\Adobe\shed

c:\users\deadfan\AppData\Roaming\Adobe\shed\thr1.chm

c:\users\deadfan\AppData\Roaming\igxpdv32.dat

c:\users\deadfan\GoToAssistDownloadHelper.exe

D:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))

.

.

2011-05-23 01:01 . 2011-05-23 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-19 02:38 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-13 05:16 . 2011-05-13 05:16 -------- d-----w- c:\users\deadfan\AppData\Local\Panther

2011-05-11 03:17 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 03:17 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 03:17 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 03:17 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 03:17 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 03:17 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 03:17 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-11 03:17 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 03:17 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-28 03:01 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-28 03:01 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-28 03:01 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-28 03:01 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-28 03:01 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-28 03:01 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-28 03:01 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-28 03:01 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-28 03:01 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll

2011-04-28 03:01 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-04-28 03:00 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-28 03:00 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-19 02:34 . 2011-03-26 07:55 0 ----a-w- c:\users\deadfan\AppData\Local\Bvoci.bin

2011-03-11 05:40 . 2011-04-12 22:49 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-12 22:49 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-09 13:01 . 2011-03-09 13:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-08 05:38 . 2011-04-12 22:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:29 . 2011-04-12 22:58 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27 . 2011-04-12 22:58 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31 . 2011-04-12 22:51 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 05:32 . 2011-04-12 22:50 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-12 22:57 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30 . 2011-04-12 22:57 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23 . 2011-04-12 22:57 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50 . 2011-04-12 22:57 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-23 05:06 . 2011-04-12 22:58 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 05:05 . 2011-04-12 22:58 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 05:05 . 2011-04-12 22:58 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:05 . 2011-04-12 22:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:05 . 2011-04-12 22:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:05 . 2011-04-12 22:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:05 . 2011-04-12 22:49 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-05-01 07:09 . 2011-03-24 06:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-20 115560]

"T-Mobile webConnect Manager"="c:\program files\T-Mobile\webConnect Manager\TMobileCM.exe" [2009-09-28 22296]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 CATmobile;T-Mobile Con App Svc;c:\program files\T-Mobile\webConnect Manager\conappssvc.exe [2009-08-13 124184]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-24 112128]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 100736]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files\T-Mobile\webConnect Manager\RcAppSvc.exe [2009-08-13 120088]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1343400]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130681001-2903037884-3875215345-1000Core.job

- c:\users\deadfan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 05:19]

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130681001-2903037884-3875215345-1000UA.job

- c:\users\deadfan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-27 05:19]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

FF - ProfilePath - c:\users\deadfan\AppData\Roaming\Mozilla\Firefox\Profiles\tr9oykg3.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Symantec Antvirus

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-05-22 21:02:46

ComboFix-quarantined-files.txt 2011-05-23 01:02

.

Pre-Run: 100,725,002,240 bytes free

Post-Run: 102,913,851,392 bytes free

.

- - End Of File - - BB308353AD8F991662CCA2664C6A057B

Then, I ran DDS - here is the log:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by deadfan at 21:13:25.64 on Sun 05/22/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1976.794 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Symantec Endpoint Protection\SymCorpUI.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\deadfan\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [T-Mobile webConnect Manager] "c:\program files\t-mobile\webconnect manager\TMobileCM.exe" -a

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\deadfan\appdata\roaming\mozilla\firefox\profiles\tr9oykg3.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\deadfan\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\users\deadfan\appdata\roaming\mozilla\plugins\npicaN.dll

.

============= SERVICES / DRIVERS ===============

.

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec endpoint protection\Rtvscan.exe [2009-10-20 2477304]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CATmobile;T-Mobile Con App Svc;c:\program files\t-mobile\webconnect manager\conappssvc.exe [2009-8-13 124184]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2009-7-24 112128]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2009-7-24 100736]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TMobileRcAppSvc;T-Mobile RcApp Svc;c:\program files\t-mobile\webconnect manager\RcAppSvc.exe [2009-8-13 120088]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-4 1343400]

.

=============== Created Last 30 ================

.

2011-05-23 01:02:50 -------- d-sh--w- C:\$RECYCLE.BIN

2011-05-23 00:53:06 98816 ----a-w- c:\windows\sed.exe

2011-05-23 00:53:06 89088 ----a-w- c:\windows\MBR.exe

2011-05-23 00:53:06 256512 ----a-w- c:\windows\PEV.exe

2011-05-23 00:53:06 161792 ----a-w- c:\windows\SWREG.exe

2011-05-19 02:38:24 123904 ----a-w- c:\windows\system32\poqexec.exe

2011-05-13 05:16:24 -------- d-----w- c:\users\deadfan\appdata\local\Panther

2011-05-11 03:17:11 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-05-11 03:17:11 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2011-05-11 03:17:11 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-05-11 03:17:11 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-05-11 03:17:11 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-05-11 03:17:11 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-05-11 03:17:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-05-11 03:17:07 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 03:17:07 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-28 03:01:24 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-04-28 03:01:16 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2011-04-28 03:01:16 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-04-28 03:01:15 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2011-04-28 03:01:15 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-04-28 03:01:15 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2011-04-28 03:01:15 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2011-04-28 03:01:15 1686016 ----a-w- c:\windows\system32\esent.dll

2011-04-28 03:01:15 146304 ----a-w- c:\windows\system32\drivers\storport.sys

2011-04-28 03:01:15 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2011-04-28 03:00:57 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-04-28 03:00:55 2614784 ----a-w- c:\windows\explorer.exe

.

==================== Find3M ====================

.

2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-09 13:01:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 21:13:48.15 ===============

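The "Pseudo HJT Report" section of the DDS log above is the part a helper reads first when a rogue antivirus is suspected, because that is where the Run keys, BHOs and startup-folder shortcuts that relaunch it at every logon show up. The Python script below is an added example of mine, not part of this thread and not code from the DDS tool: it parses lines in the format the log uses and flags what deserves a second look, namely autostart entries launched from user-writable locations, the same command registered twice under Run, UAC policy values that differ from the Windows 7 defaults, and a proxy configured in IE or Firefox. The sample input reuses a few lines from the posted log and adds two constructed lines that are not in it (a uRun entry under AppData and ConsentPromptBehaviorAdmin = 0) so that each check has something to fire on.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line types in the DDS "Pseudo HJT Report" that describe code started at logon
# or loaded into the browser (prefix syntax as in the posted log).
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "BHO:", "StartupFolder:", "Notify:")

# Locations a non-admin user can write to. Rogue AV droppers usually persist from
# here because no elevation is needed to create the file or the HKCU Run value.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\",
                 "c:\\documents and settings\\")

# Windows 7 defaults for the UAC values DDS prints as "mPolicies-system:".
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3, "EnableLUA": 1}

PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|cpl|sys|lnk)\b", re.IGNORECASE)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)")


@dataclass
class Finding:
    reason: str
    line: str


def last_path(line: str) -> Optional[str]:
    """Last drive-letter path on the line, lower-cased (for .lnk entries that is the target)."""
    matches = PATH_RE.findall(line)
    return matches[-1].lower() if matches else None


def triage(lines: List[str]) -> List[Finding]:
    """Scan DDS report lines and return the entries worth a second look."""
    findings: List[Finding] = []
    seen_run: dict = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith(AUTOSTART_PREFIXES):
            path = last_path(line)
            if path is None:        # e.g. a Notify/DPF line that carries no local path
                continue
            if path.startswith(USER_WRITABLE):
                findings.append(Finding("autostart runs from a user-writable location", line))
            if line.startswith(("uRun:", "mRun:")):
                if path in seen_run:
                    findings.append(Finding("same command registered twice under Run", line))
                seen_run[path] = line
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
                findings.append(Finding(
                    f"UAC value {name} is {value}, Win7 default is {UAC_DEFAULTS[name]}", line))
            continue
        m = IE_PROXY_RE.match(line)
        if m:
            findings.append(Finding("IE proxy server configured: " + m.group(1), line))
            continue
        m = FF_PROXY_RE.match(line)
        if m and m.group(1) in ("1", "2"):   # 1 = manual proxy, 2 = PAC URL
            findings.append(Finding("Firefox manual/PAC proxy configured", line))
    return findings


# Constructed sample: real lines from the posted log plus two that are NOT in it
# (the uRun entry under AppData and ConsentPromptBehaviorAdmin = 0).
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uRun: [xyz12ab] c:\users\deadfan\appdata\local\xyz12ab.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
FF - prefs.js: network.proxy.type - 0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}\n    {f.line}")
```

Nothing this flags is a verdict. A Run entry under a user profile is normal for some updaters (the Google Update plugin under AppData in the Firefox section above is one), and the doubled Malwarebytes reboot entry is the cleanup tool, not the infection. Treat a hit as something to check against a known-good hash or a second-opinion scan, which is exactly what the helper's next post asks for, rather than something to delete on sight.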

  • Staff

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
