Update error


Have been infected with Security Defender which I get rid of but then it comes back. I suspect I am not getting rid of all of it. Downloaded your product to help, which it seems to have, but it will not update. Followed your guidelines so here are the results.

The DDS Logfile

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Run by Morgana at 19:48:13 on 2011-09-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.952 [GMT -4:00]

.

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe

C:\Program Files (x86)\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe

C:\Program Files (x86)\Verizon\Online Backup and Sharing\vewatch.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110812163925.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

uRun: [NCsoft]

uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"

mRun: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Verizon\Online Backup and Sharing\vewatch.exe

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Morgana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Backup.lnk - C:\Windows\system32\schtasks.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{8A4E001F-821B-4FAF-B40C-D026E445BC5D} : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{AF23670C-9AE4-4074-BD44-8F214E9E18CC} : DhcpNameServer = 10.0.0.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110812163925.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe"

mRun-x64: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Verizon\Online Backup and Sharing\vewatch.exe

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-12-28 24576]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 151552]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-2 366640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-12 355440]

R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-12 355440]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-12 355440]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-12 355440]

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-8-12 200056]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-8-12 245352]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-11 2214504]

R2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2011-2-1 24576]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-11 1153368]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 0278761315001467mcinstcleanup;McAfee Application Installer Cleanup (0278761315001467);C:\Windows\TEMP\027876~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\027876~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-12 355440]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-09-02 21:55:40 -------- d-----w- C:\Users\Morgana\AppData\Roaming\Malwarebytes

2011-09-02 21:55:36 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-02 21:55:35 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-02 21:55:30 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-02 21:55:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-01 21:52:59 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-09-01 21:52:59 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-09-01 21:52:59 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-09-01 21:52:59 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-09-01 21:52:59 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-08-30 23:59:51 -------- d-----w- C:\Users\Morgana\AppData\Local\Facebook

2011-08-28 00:33:12 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2011-08-28 00:33:12 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2011-08-28 00:33:12 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2011-08-28 00:23:02 -------- d-----w- C:\Users\Morgana\AppData\Roaming\WinPatrol

2011-08-28 00:22:51 -------- d-----w- C:\ProgramData\InstallMate

2011-08-28 00:22:51 -------- d-----w- C:\Program Files (x86)\BillP Studios

2011-08-27 22:55:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-27 22:55:49 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-25 02:52:54 -------- d-----w- C:\Users\Morgana\AppData\Local\ElevatedDiagnostics

2011-08-19 19:27:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-08-12 20:39:37 -------- d-----w- C:\Program Files (x86)\McAfee.com

2011-08-12 20:39:25 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll

2011-08-12 20:39:25 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee

2011-08-12 20:39:24 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-08-12 20:25:53 -------- d-----w- C:\Users\Morgana\Tracing

2011-08-12 20:25:16 61288 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2011-08-12 20:23:21 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2011-08-12 20:22:28 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2011-08-12 20:21:55 -------- d-----w- C:\Windows\PCHEALTH

2011-08-12 20:18:51 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4e4a2a1cc592d\DSETUP.dll

2011-08-12 20:18:51 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4e4a2a1cc592d\DXSETUP.exe

2011-08-12 20:18:51 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d4e4a2a1cc592d\dsetup32.dll

2011-08-12 19:53:51 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-08-12 19:53:24 -------- d-----w- C:\Windows\SysWow64\Wat

2011-08-12 19:53:24 -------- d-----w- C:\Windows\System32\Wat

2011-08-12 16:52:00 -------- d-----w- C:\Users\Morgana\AppData\Local\{807D3350-2634-4907-AF79-C77E3C2C75C0}

2011-08-12 16:36:26 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-08-12 16:31:43 -------- d-----w- C:\Program Files (x86)\WinMend

2011-08-12 16:13:39 -------- dc-h--w- C:\ProgramData\~0

2011-08-12 16:13:30 -------- d-----w- C:\Users\Morgana\AppData\Local\PackageAware

2011-08-12 15:38:04 -------- d-----w- C:\Program Files (x86)\Microsoft

2011-08-12 15:37:54 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2011-08-12 15:37:54 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2011-08-12 15:37:53 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2011-08-12 15:37:53 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2011-08-12 15:37:28 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2011-08-12 15:37:28 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2011-08-12 15:37:26 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bb17540d1cc590505\bingbarsetup.exe

2011-08-12 15:36:50 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a6b2d86c1cc590504\MeshBetaRemover.exe

2011-08-12 15:36:45 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a3d5503f1cc590503\DSETUP.dll

2011-08-12 15:36:45 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a3d5503f1cc590503\DXSETUP.exe

2011-08-12 15:36:45 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a3d5503f1cc590503\dsetup32.dll

2011-08-12 15:36:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9db477b61cc590502\DXSETUP.exe

2011-08-12 15:36:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9db477b61cc590502\dsetup32.dll

2011-08-12 15:36:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9db477b61cc590502\DSETUP.dll

2011-08-12 15:36:23 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9467ceca1cc590501\Silverlight.4.0.exe

2011-08-12 15:35:35 -------- d-----w- C:\Users\Morgana\AppData\Local\Windows Live

2011-08-12 15:35:29 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2011-08-11 20:14:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-08-11 20:14:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-08-11 20:13:05 -------- d-----w- C:\Users\Morgana\AppData\Local\NCSoft

2011-08-11 12:54:51 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2011-08-11 12:54:39 739432 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll

2011-08-11 12:54:39 6300776 ----a-w- C:\Windows\System32\nvcpl.dll

2011-08-11 12:54:39 61544 ----a-w- C:\Windows\System32\nvshext.dll

2011-08-11 12:54:39 3040872 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-08-11 12:54:39 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-08-11 12:54:39 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-08-11 12:54:39 1016936 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-08-11 12:53:43 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2011-08-11 12:53:35 -------- d-----w- C:\Program Files\NVIDIA Corporation

2011-08-11 04:03:08 -------- d-----w- C:\Windows\Panther

2011-08-11 02:07:50 -------- d-----w- C:\Users\Morgana\AppData\Roaming\DigiData

2011-08-11 02:07:14 -------- d-----w- C:\ProgramData\DigiData

2011-08-11 01:10:39 31232 ----a-w- C:\Windows\System32\prevhost.exe

2011-08-11 01:10:38 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2011-08-11 01:06:53 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-08-11 01:04:23 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-08-11 01:04:02 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-11 01:04:02 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-08-11 01:04:01 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-08-11 01:02:38 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-08-11 01:02:38 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-08-11 00:59:39 -------- d-----w- C:\Users\Morgana\AppData\Roaming\OpenOffice.org

2011-08-11 00:54:17 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-11 00:53:56 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2011-08-10 21:30:09 -------- d-----w- C:\Users\Morgana\AppData\Local\Google

2011-08-10 21:28:04 -------- d-----w- C:\Users\Morgana\AppData\Local\Adobe

2011-08-10 21:14:10 -------- d-----w- C:\Program Files (x86)\Verizon

2011-08-10 21:14:09 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs

2011-08-10 21:14:09 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat

2011-08-10 21:07:27 49210 ----a-w- C:\Windows\SysWow64\vzServices.dll

2011-08-10 21:07:27 -------- d-----w- C:\Windows\SysWow64\FinePointLib

2011-08-10 21:07:26 278528 ----a-w- C:\Windows\SysWow64\VerizonUninstaller.exe

2011-08-10 21:07:26 118784 ----a-w- C:\Windows\SysWow64\VZGUninstall.dll

2011-08-10 21:07:24 -------- d-----w- C:\Program Files (x86)\Common Files\Verizon Online

2011-08-10 21:04:06 598528 ----a-w- C:\Windows\SysWow64\Atx45.ocx

2011-08-10 21:04:06 221184 ----a-w- C:\Windows\SysWow64\DartSock.dll

2011-08-10 21:04:06 118784 ----a-w- C:\Windows\SysWow64\DartTelnet.dll

2011-08-10 20:51:54 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-08-10 20:45:24 -------- d-----w- C:\Users\Morgana\AppData\Local\assembly

2011-08-10 20:44:59 -------- d-----w- C:\Program Files (x86)\NCSoft

2011-08-10 20:44:19 -------- d-----w- C:\Users\Morgana\AppData\Local\Diagnostics

2011-08-10 20:41:07 -------- d-sh--w- C:\Windows\Installer

2011-08-10 20:40:55 -------- d-----w- C:\ProgramData\AVAST Software

2011-08-10 20:40:55 -------- d-----w- C:\Program Files\AVAST Software

.

==================== Find3M ====================

.

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 19:49:25.81 ===============

Malware logfile

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7035

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/2/2011 7:35:46 PM

mbam-log-2011-09-02 (19-35-46).txt

Scan type: Quick scan

Objects scanned: 188113

Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Cheers,

Ron

Ark.zip

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


2011/09/06 22:17:17.0939 1724 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56

2011/09/06 22:17:19.0940 1724 ================================================================================

2011/09/06 22:17:19.0940 1724 SystemInfo:

2011/09/06 22:17:19.0940 1724

2011/09/06 22:17:19.0940 1724 OS Version: 6.1.7601 ServicePack: 1.0

2011/09/06 22:17:19.0940 1724 Product type: Workstation

2011/09/06 22:17:19.0940 1724 ComputerName: MORGANA-PC

2011/09/06 22:17:19.0941 1724 UserName: Morgana

2011/09/06 22:17:19.0941 1724 Windows directory: C:\Windows

2011/09/06 22:17:19.0941 1724 System windows directory: C:\Windows

2011/09/06 22:17:19.0941 1724 Running under WOW64

2011/09/06 22:17:19.0941 1724 Processor architecture: Intel x64

2011/09/06 22:17:19.0941 1724 Number of processors: 2

2011/09/06 22:17:19.0941 1724 Page size: 0x1000

2011/09/06 22:17:19.0941 1724 Boot type: Normal boot

2011/09/06 22:17:19.0941 1724 ================================================================================

2011/09/06 22:17:21.0534 1724 Initialize success

2011/09/06 22:17:27.0925 2780 ================================================================================

2011/09/06 22:17:27.0925 2780 Scan started

2011/09/06 22:17:27.0925 2780 Mode: Manual;

2011/09/06 22:17:27.0925 2780 ================================================================================

2011/09/06 22:17:38.0082 2780 ================================================================================

2011/09/06 22:17:38.0082 2780 Scan finished

2011/09/06 22:17:38.0082 2780 ================================================================================

2011/09/06 22:17:38.0090 3180 Detected object count: 0

2011/09/06 22:17:38.0090 3180 Actual detected object count: 0

I cannot update MBAM; that is, after all, the root of my problem. Here, however, is the most recent log from a just-run scan:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7035

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/6/2011 10:33:29 PM

mbam-log-2011-09-06 (22-33-29).txt

Scan type: Quick scan

Objects scanned: 189364

Time elapsed: 10 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Finally got it to work... firewalls were blocking it. Here is the ComboFix report:

ComboFix 11-09-05.05 - Morgana 09/07/2011 0:28.1.2 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1065 [GMT -4:00]

Running from: c:\users\Morgana\Desktop\ComboFix.exe

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Morgana\AppData\Roaming\Adobe\plugs

c:\users\Morgana\AppData\Roaming\Adobe\shed

c:\users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}

c:\users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\chrome.manifest

c:\users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\chrome\xulcache.jar

c:\users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\defaults\preferences\xulcache.js

c:\users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\install.rdf

c:\users\Morgana\Taskmgr.exe

c:\users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\u7z7h0kf.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}

c:\users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\u7z7h0kf.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\chrome.manifest

c:\users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\u7z7h0kf.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\chrome\xulcache.jar

c:\users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\u7z7h0kf.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\defaults\preferences\xulcache.js

c:\users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\u7z7h0kf.default\extensions\{6cc19e13-d693-40be-b1c5-291a60d3bfbf}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))

.

.

2011-09-07 04:31 . 2011-09-07 04:31 106824 ----a-w- c:\windows\system32\drivers\zsINADpE.sys

2011-09-07 04:30 . 2011-09-07 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-07 04:25 . 2011-09-07 04:25 106824 ----a-w- c:\windows\system32\drivers\MDACzERj.sys

2011-09-07 04:19 . 2011-09-07 04:19 106824 ----a-w- c:\windows\system32\drivers\toMfBxtP.sys

2011-09-07 04:17 . 2011-09-07 04:17 106824 ----a-w- c:\windows\system32\drivers\usFDOkbv.sys

2011-09-06 00:29 . 2011-09-06 00:29 74328 ----a-w- c:\windows\system32\WRusr.dll

2011-09-06 00:29 . 2011-09-06 00:29 121184 ----a-w- c:\windows\SysWow64\WRusr.dll

2011-09-06 00:29 . 2011-09-06 00:29 106824 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2011-09-06 00:29 . 2011-09-06 00:29 -------- d-----w- c:\program files\Webroot

2011-09-06 00:29 . 2011-09-07 02:43 -------- d-----w- c:\programdata\WRData

2011-09-04 03:28 . 2011-09-04 03:28 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information

2011-09-04 03:04 . 2011-09-04 20:36 -------- d-----w- c:\programdata\InstallShield

2011-09-04 02:55 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-04 02:55 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-04 02:31 . 2011-09-04 02:31 -------- d-----w- c:\programdata\Malwarebytes

2011-09-04 02:31 . 2011-09-04 02:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-04 01:04 . 2011-09-04 01:04 -------- d-----w- c:\program files (x86)\Pando Networks

2011-08-28 00:36 . 2011-08-28 00:44 -------- d-----w- c:\program files (x86)\ERUNT

2011-08-28 00:33 . 2011-09-01 02:32 -------- d-----w- c:\program files (x86)\SpywareBlaster

2011-08-28 00:33 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2011-08-28 00:33 . 2010-01-10 23:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2011-08-28 00:22 . 2011-09-01 02:32 -------- d-----w- c:\programdata\InstallMate

2011-08-28 00:22 . 2011-09-01 02:32 -------- d-----w- c:\program files (x86)\BillP Studios

2011-08-27 22:55 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-27 22:55 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-19 19:27 . 2011-08-19 19:27 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-19 19:27 . 2011-08-19 19:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-08-19 19:27 . 2011-08-19 19:27 -------- d-----w- c:\program files (x86)\Java

2011-08-13 11:03 . 2011-09-04 02:47 -------- d-----w- c:\users\Nancy

2011-08-12 20:39 . 2011-09-04 02:46 -------- d-----w- c:\program files (x86)\Common Files\McAfee

2011-08-12 20:39 . 2011-03-24 12:41 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-12 20:38 . 2011-03-24 12:41 149032 ----a-w- c:\windows\system32\mfevtps.exe

2011-08-12 20:38 . 2011-03-24 12:41 75032 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-12 20:38 . 2011-03-24 12:41 283360 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-12 20:38 . 2011-03-24 12:41 94864 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-12 20:38 . 2011-03-24 12:41 62800 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-12 20:38 . 2011-03-24 12:41 529128 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2011-08-12 20:38 . 2011-03-24 12:41 441328 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-12 20:38 . 2011-03-24 12:41 190136 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-12 20:38 . 2011-03-24 12:41 121248 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-12 20:38 . 2011-08-27 18:30 -------- d-----w- c:\program files\McAfee

2011-08-12 20:38 . 2011-08-27 18:30 -------- d-----w- c:\program files\Common Files\McAfee

2011-08-12 20:38 . 2011-08-27 18:30 -------- d-----w- c:\program files (x86)\McAfee

2011-08-12 20:25 . 2011-08-12 20:25 -------- d-----w- c:\program files\Windows Live

2011-08-12 15:38 . 2011-09-07 02:46 -------- d-----w- c:\program files (x86)\Microsoft

2011-08-12 15:37 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2011-08-12 15:37 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2011-08-12 15:37 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2011-08-12 15:37 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-08-12 15:37 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-08-12 15:37 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2011-08-12 15:36 . 2011-08-27 18:30 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2011-08-12 15:35 . 2011-08-12 15:35 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2011-08-11 20:14 . 2011-09-04 02:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-11 20:14 . 2011-09-04 02:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-08-11 12:54 . 2011-09-04 02:50 -------- d-----w- c:\users\UpdatusUser

2011-08-11 12:54 . 2011-08-11 12:54 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2011-08-11 12:54 . 2011-08-11 12:56 -------- d-----w- c:\programdata\NVIDIA

2011-08-11 12:54 . 2011-05-21 10:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-08-11 12:54 . 2011-05-21 10:01 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-08-11 12:54 . 2011-05-21 10:01 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-08-11 12:54 . 2011-05-21 10:01 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-08-11 12:54 . 2011-05-21 10:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll

2011-08-11 12:54 . 2011-05-21 10:01 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-08-11 12:54 . 2011-05-21 10:01 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-08-11 12:53 . 2011-08-11 12:53 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-08-11 12:53 . 2011-08-11 12:54 -------- d-----w- c:\program files\NVIDIA Corporation

2011-08-11 04:03 . 2011-08-10 20:28 -------- d-----w- c:\windows\Panther

2011-08-11 02:07 . 2011-08-11 02:07 -------- d-----w- c:\programdata\DigiData

2011-08-11 01:10 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe

2011-08-11 01:10 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe

2011-08-11 01:06 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-08-11 01:05 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-11 01:04 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-08-11 01:04 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-11 01:04 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-11 01:04 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-11 01:02 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-11 01:02 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-08-11 00:54 . 2011-08-11 00:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-11 00:53 . 2011-09-01 02:32 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2011-08-10 21:37 . 2011-08-12 20:42 -------- d-----w- c:\programdata\McAfee

2011-08-10 21:32 . 2011-08-10 21:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-08-10 21:30 . 2011-08-11 00:35 -------- d-----w- c:\program files (x86)\Google

2011-08-10 21:28 . 2011-08-10 21:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2011-08-10 21:14 . 2011-08-11 02:07 -------- d-----w- c:\program files (x86)\Verizon

2011-08-10 21:14 . 2011-08-10 21:14 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs

2011-08-10 21:14 . 2011-08-10 21:14 256 ----a-w- c:\windows\SysWow64\MSIevent.bat

2011-08-10 21:07 . 2011-08-27 18:30 -------- d-----w- c:\windows\SysWow64\FinePointLib

2011-08-10 21:07 . 2003-05-30 00:05 49210 ----a-w- c:\windows\SysWow64\vzServices.dll

2011-08-10 21:07 . 2004-08-03 22:49 278528 ----a-w- c:\windows\SysWow64\VerizonUninstaller.exe

2011-08-10 21:07 . 2004-08-03 22:48 118784 ----a-w- c:\windows\SysWow64\VZGUninstall.dll

2011-08-10 21:07 . 2011-08-11 00:57 -------- d-----w- c:\program files (x86)\Common Files\Verizon Online

2011-08-10 21:07 . 2011-08-10 21:07 -------- d-----w- c:\windows\SysWow64\MacroMed

2011-08-10 21:04 . 2004-05-27 15:08 118784 ----a-w- c:\windows\SysWow64\DartTelnet.dll

2011-08-10 21:04 . 2004-05-19 16:18 221184 ----a-w- c:\windows\SysWow64\DartSock.dll

2011-08-10 21:04 . 1999-08-10 23:21 598528 ----a-w- c:\windows\SysWow64\Atx45.ocx

2011-08-10 20:44 . 2011-09-04 03:32 -------- d-----w- c:\program files (x86)\NCSoft

2011-08-10 20:42 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe

2011-08-10 20:41 . 2011-09-07 02:47 -------- d-sh--w- c:\windows\Installer

2011-08-10 20:40 . 2011-08-11 00:44 -------- d-----w- c:\programdata\AVAST Software

2011-08-10 20:40 . 2011-08-10 20:40 -------- d-----w- c:\program files\AVAST Software

2011-08-10 20:28 . 2011-09-07 04:30 -------- d-----w- c:\users\Morgana

2011-08-10 20:28 . 2011-08-10 20:28 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-16 04:26 . 2011-08-11 01:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Online Backup Auto Update"="c:\program files (x86)\Verizon\Online Backup and Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" [2011-02-01 233472]

"Vault Explorer Cache Watcher"="c:\program files (x86)\Verizon\Online Backup and Sharing\vewatch.exe" [2010-10-20 28672]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-12-16 1488464]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-09-06 583136]

.

c:\users\Morgana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Backup.lnk - c:\windows\system32\schtasks.exe [2010-11-20 285696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

R2 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 355440]

R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-09-06 583136]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 FilesystemWatcher;Filesystem Watcher;c:\program files (x86)\Verizon\Online Backup and Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2010-12-28 24576]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 355440]

S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-04-08 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-24 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 OnlineBackupSchedulerService;Online Backup Scheduler;c:\program files (x86)\Verizon\Online Backup and Sharing\Scheduler\OnlineBackup.SchedulerService.exe [2011-02-01 24576]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-06 c:\windows\Tasks\OnlineBackupManager.job

- c:\program files (x86)\Verizon\Online Backup and Sharing\SyncNShare\OnlineBackup.SyncNShare.exe [2011-02-01 18:03]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Morgana\AppData\Roaming\Mozilla\Firefox\Profiles\6vd9hatp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - prefs.js: network.proxy.type - 0

.

.

------- File Associations -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-09-07 00:41:39 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-07 04:41

.

Pre-Run: 950,152,953,856 bytes free

Post-Run: 950,125,408,256 bytes free

.

- - End Of File - - EF9D8237E2FD22B226F3EBBCB8B2654E


  • Staff

Hi,

I notice that you are using more than one antivirus program (Webroot and McAfee). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, delete your copy of ComboFix, grab a fresh copy, run it, and post its log.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
