Jump to content

Malwarebytes not running full scan


Recommended Posts

I've had malwarebytes free version for several months and have run several complete scans. This week I started have problems where I try to run a full scan, and it only takes 15-18 seconds to run. I suspect that I have an infection that is preventing the full scan from running. I ran the DDS script, I'm posting the DDS results below and have attached the attach log. Please let me know if there is any more information I can provide. Thanks for reading.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Frank at 0:06:36 on 2011-10-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9914 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

C:\Program Files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:61556

mWinlogon: Userinit=userinit.exe,

BHO: {050e78c9-c3e9-4f76-b193-f302050750b0} - C:\Users\Frank\AppData\Local\TCPIPUser.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010212504.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Google Update] "C:\Users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Macromedia Update] rundll32 "C:\Users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL",DllRegisterServer

uRun: [GoogleServiceManager] rundll32.exe "C:\ProgramData\GoogleServiceManager.dll",DllRegisterServer

uRun: [Widcomm Update] rundll32 "C:\Users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL",DllRegisterServer

mRun: [<NO NAME>]

mRun: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe"

mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRun: [bomgar_Cleanup_ZD6127729553] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-000000004E4EFF19" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6127729553 /f

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5B7D1044-0A8B-48AC-A118-CE09FDDB87B5} : DhcpNameServer = 192.168.2.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

C:\Users\Frank\AppData\Local\TCPIPUser.dll

BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111010212504.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [(Default)]

mRun-x64: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe"

mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61556

FF - prefs.js: network.proxy.type - 1

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Frank\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: XULRunner: {6F88E8DB-2957-4C40-9F2C-88B4C1F2E382} - C:\Users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-9-26 88576]

R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-8-6 24645]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 IYSODiskOptimizer;IYSODiskOptimizer;C:\Program Files (x86)\iYogi Support Dock\pccare\iysoDefragSrv64.exe [2011-8-17 286720]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-9 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-12 199008]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-12 208272]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-12 158832]

R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-4-30 14088]

R2 SupportDockService.exe;Support Dock Service;C:\Program Files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-6-13 73728]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]

R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]

R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 dldtCATSCustConnectService;dldtCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dldtserv.exe [2009-7-9 33448]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-9-30 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2011-10-17 03:11:07 -------- d-----w- C:\Users\Frank\AppData\Roaming\Malwarebytes

2011-10-17 03:10:38 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-17 03:10:35 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-17 03:10:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-13 04:32:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-10-13 04:32:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-10-13 04:32:59 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-10-13 04:32:58 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-13 04:32:49 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-13 04:32:48 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-13 04:32:48 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-13 04:32:48 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-11 02:32:13 268800 ----a-w- C:\Users\Frank\AppData\Local\TCPIPUser.dll

2011-10-11 02:32:11 101888 ----a-w- C:\Windows\SysWow64\srrstr.dll

2011-10-11 02:32:09 101888 ----a-w- C:\ProgramData\GoogleServiceManager.dll

2011-10-11 01:25:04 28504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

.

==================== Find3M ====================

.

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-26 02:17:59 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-15 14:00:06 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2011-08-15 14:00:06 75672 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2011-08-15 14:00:06 65128 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2011-08-15 14:00:06 642824 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2011-08-15 14:00:06 481504 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2011-08-15 14:00:06 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2011-08-15 14:00:06 228752 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2011-08-15 14:00:06 158584 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2011-08-15 14:00:06 100904 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

.

============= FINISH: 0:07:21.53 ===============

Forgot the attachment...

Attach.txt

Link to post
Share on other sites

Hello and :welcome:

I see indeed quite some malware here, but first lets do a rootkit scan as well.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Elise,

Thank you for your reply. I ran the TDSSKiller program and it did not find any threats. The report from the run is pasted below.

23:50:24.0771 4292 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23

23:50:25.0340 4292 ============================================================

23:50:25.0340 4292 Current date / time: 2011/10/17 23:50:25.0340

23:50:25.0340 4292 SystemInfo:

23:50:25.0340 4292

23:50:25.0340 4292 OS Version: 6.1.7601 ServicePack: 1.0

23:50:25.0340 4292 Product type: Workstation

23:50:25.0340 4292 ComputerName: FRANK-PC

23:50:25.0341 4292 UserName: Frank

23:50:25.0341 4292 Windows directory: C:\Windows

23:50:25.0341 4292 System windows directory: C:\Windows

23:50:25.0341 4292 Running under WOW64

23:50:25.0341 4292 Processor architecture: Intel x64

23:50:25.0341 4292 Number of processors: 8

23:50:25.0341 4292 Page size: 0x1000

23:50:25.0341 4292 Boot type: Normal boot

23:50:25.0341 4292 ============================================================

23:50:26.0333 4292 Initialize success

23:50:35.0578 0700 ============================================================

23:50:35.0578 0700 Scan started

23:50:35.0579 0700 Mode: Manual;

23:50:35.0579 0700 ============================================================

23:50:36.0610 0700 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys

23:50:36.0612 0700 1394ohci - ok

23:50:36.0707 0700 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:50:36.0709 0700 ACPI - ok

23:50:36.0723 0700 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:50:36.0766 0700 AcpiPmi - ok

23:50:36.0803 0700 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

23:50:36.0850 0700 adfs - ok

23:50:36.0875 0700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

23:50:36.0885 0700 adp94xx - ok

23:50:36.0904 0700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

23:50:36.0912 0700 adpahci - ok

23:50:36.0929 0700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

23:50:36.0931 0700 adpu320 - ok

23:50:36.0978 0700 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

23:50:37.0029 0700 AFD - ok

23:50:37.0044 0700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:50:37.0048 0700 agp440 - ok

23:50:37.0063 0700 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:50:37.0067 0700 aliide - ok

23:50:37.0085 0700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:50:37.0087 0700 amdide - ok

23:50:37.0101 0700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

23:50:37.0104 0700 AmdK8 - ok

23:50:37.0121 0700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

23:50:37.0125 0700 AmdPPM - ok

23:50:37.0148 0700 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:50:37.0200 0700 amdsata - ok

23:50:37.0209 0700 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

23:50:37.0215 0700 amdsbs - ok

23:50:37.0243 0700 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:50:37.0244 0700 amdxata - ok

23:50:37.0262 0700 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:50:37.0304 0700 AppID - ok

23:50:37.0324 0700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

23:50:37.0327 0700 arc - ok

23:50:37.0343 0700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

23:50:37.0348 0700 arcsas - ok

23:50:37.0374 0700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:50:37.0380 0700 AsyncMac - ok

23:50:37.0407 0700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:50:37.0408 0700 atapi - ok

23:50:37.0443 0700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

23:50:37.0454 0700 b06bdrv - ok

23:50:37.0488 0700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:50:37.0496 0700 b57nd60a - ok

23:50:37.0517 0700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:50:37.0522 0700 Beep - ok

23:50:37.0566 0700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

23:50:37.0572 0700 blbdrive - ok

23:50:37.0596 0700 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:50:37.0597 0700 bowser - ok

23:50:37.0610 0700 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

23:50:37.0616 0700 BrFiltLo - ok

23:50:37.0628 0700 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

23:50:37.0629 0700 BrFiltUp - ok

23:50:37.0650 0700 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:50:37.0659 0700 Brserid - ok

23:50:37.0676 0700 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:50:37.0682 0700 BrSerWdm - ok

23:50:37.0698 0700 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:50:37.0702 0700 BrUsbMdm - ok

23:50:37.0713 0700 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:50:37.0717 0700 BrUsbSer - ok

23:50:37.0750 0700 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

23:50:37.0754 0700 BthEnum - ok

23:50:37.0770 0700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

23:50:37.0774 0700 BTHMODEM - ok

23:50:37.0807 0700 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

23:50:37.0808 0700 BthPan - ok

23:50:37.0833 0700 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

23:50:37.0869 0700 BTHPORT - ok

23:50:37.0886 0700 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

23:50:37.0920 0700 BTHUSB - ok

23:50:37.0933 0700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:50:37.0934 0700 cdfs - ok

23:50:37.0954 0700 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:50:37.0988 0700 cdrom - ok

23:50:38.0029 0700 cfwids (75f91554e5fa6e962b880405fecc97a1) C:\Windows\system32\drivers\cfwids.sys

23:50:38.0076 0700 cfwids - ok

23:50:38.0097 0700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

23:50:38.0100 0700 circlass - ok

23:50:38.0135 0700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:50:38.0140 0700 CLFS - ok

23:50:38.0164 0700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

23:50:38.0169 0700 CmBatt - ok

23:50:38.0184 0700 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:50:38.0188 0700 cmdide - ok

23:50:38.0209 0700 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

23:50:38.0212 0700 CNG - ok

23:50:38.0225 0700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

23:50:38.0230 0700 Compbatt - ok

23:50:38.0253 0700 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

23:50:38.0297 0700 CompositeBus - ok

23:50:38.0310 0700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

23:50:38.0312 0700 crcdisk - ok

23:50:38.0338 0700 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:50:38.0338 0700 DfsC - ok

23:50:38.0358 0700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:50:38.0361 0700 discache - ok

23:50:38.0378 0700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

23:50:38.0378 0700 Disk - ok

23:50:38.0414 0700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:50:38.0418 0700 drmkaud - ok

23:50:38.0445 0700 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:50:38.0503 0700 DXGKrnl - ok

23:50:38.0532 0700 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys

23:50:38.0539 0700 e1yexpress - ok

23:50:38.0601 0700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

23:50:38.0648 0700 ebdrv - ok

23:50:38.0674 0700 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

23:50:38.0683 0700 elxstor - ok

23:50:38.0697 0700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:50:38.0698 0700 ErrDev - ok

23:50:38.0718 0700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:50:38.0724 0700 exfat - ok

23:50:38.0743 0700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:50:38.0745 0700 fastfat - ok

23:50:38.0764 0700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

23:50:38.0767 0700 fdc - ok

23:50:38.0789 0700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:50:38.0790 0700 FileInfo - ok

23:50:38.0802 0700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:50:38.0805 0700 Filetrace - ok

23:50:38.0823 0700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

23:50:38.0826 0700 flpydisk - ok

23:50:38.0843 0700 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:50:38.0845 0700 FltMgr - ok

23:50:38.0861 0700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:50:38.0864 0700 FsDepends - ok

23:50:38.0882 0700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

23:50:38.0883 0700 Fs_Rec - ok

23:50:38.0903 0700 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:50:38.0905 0700 fvevol - ok

23:50:38.0920 0700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

23:50:38.0927 0700 gagp30kx - ok

23:50:38.0971 0700 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:50:39.0013 0700 GEARAspiWDM - ok

23:50:39.0042 0700 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:50:39.0043 0700 hcw85cir - ok

23:50:39.0069 0700 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:50:39.0070 0700 HDAudBus - ok

23:50:39.0088 0700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

23:50:39.0091 0700 HidBatt - ok

23:50:39.0106 0700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

23:50:39.0110 0700 HidBth - ok

23:50:39.0122 0700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

23:50:39.0126 0700 HidIr - ok

23:50:39.0145 0700 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:50:39.0188 0700 HidUsb - ok

23:50:39.0218 0700 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:50:39.0255 0700 HpSAMD - ok

23:50:39.0276 0700 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:50:39.0312 0700 HTTP - ok

23:50:39.0329 0700 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:50:39.0329 0700 hwpolicy - ok

23:50:39.0349 0700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

23:50:39.0351 0700 i8042prt - ok

23:50:39.0386 0700 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:50:39.0436 0700 iaStorV - ok

23:50:39.0450 0700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

23:50:39.0454 0700 iirsp - ok

23:50:39.0509 0700 IntcAzAudAddService (e28edf74900e68184f44cfcdd66f1bc3) C:\Windows\system32\drivers\RTKVHD64.sys

23:50:39.0553 0700 IntcAzAudAddService - ok

23:50:39.0583 0700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

23:50:39.0583 0700 intelide - ok

23:50:39.0594 0700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

23:50:39.0595 0700 intelppm - ok

23:50:39.0616 0700 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:50:39.0664 0700 IpFilterDriver - ok

23:50:39.0682 0700 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:50:39.0715 0700 IPMIDRV - ok

23:50:39.0736 0700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:50:39.0741 0700 IPNAT - ok

23:50:39.0776 0700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:50:39.0780 0700 IRENUM - ok

23:50:39.0794 0700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:50:39.0798 0700 isapnp - ok

23:50:39.0816 0700 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:50:39.0872 0700 iScsiPrt - ok

23:50:39.0895 0700 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:50:39.0899 0700 kbdclass - ok

23:50:39.0917 0700 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

23:50:39.0951 0700 kbdhid - ok

23:50:39.0966 0700 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

23:50:39.0966 0700 KSecDD - ok

23:50:39.0982 0700 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

23:50:39.0983 0700 KSecPkg - ok

23:50:39.0996 0700 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:50:39.0999 0700 ksthunk - ok

23:50:40.0026 0700 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:50:40.0030 0700 lltdio - ok

23:50:40.0057 0700 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

23:50:40.0061 0700 LSI_FC - ok

23:50:40.0088 0700 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

23:50:40.0092 0700 LSI_SAS - ok

23:50:40.0113 0700 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

23:50:40.0115 0700 LSI_SAS2 - ok

23:50:40.0130 0700 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

23:50:40.0134 0700 LSI_SCSI - ok

23:50:40.0152 0700 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:50:40.0153 0700 luafv - ok

23:50:40.0189 0700 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

23:50:40.0194 0700 megasas - ok

23:50:40.0217 0700 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

23:50:40.0225 0700 MegaSR - ok

23:50:40.0248 0700 mfeapfk (eac376dd77ec9e95d38108a27c261dca) C:\Windows\system32\drivers\mfeapfk.sys

23:50:40.0297 0700 mfeapfk - ok

23:50:40.0319 0700 mfeavfk (f55f50b11d635658f346db0457bb2b79) C:\Windows\system32\drivers\mfeavfk.sys

23:50:40.0356 0700 mfeavfk - ok

23:50:40.0364 0700 mfeavfk01 - ok

23:50:40.0395 0700 mfefirek (33b8e35c5839a83d6700aab3e464553b) C:\Windows\system32\drivers\mfefirek.sys

23:50:40.0432 0700 mfefirek - ok

23:50:40.0456 0700 mfehidk (ada8c105c8f9a61284c75157c170585b) C:\Windows\system32\drivers\mfehidk.sys

23:50:40.0459 0700 mfehidk - ok

23:50:40.0467 0700 mfenlfk (c52ee6d1e1e5a69c989acc478051964e) C:\Windows\system32\DRIVERS\mfenlfk.sys

23:50:40.0501 0700 mfenlfk - ok

23:50:40.0514 0700 mferkdet (b000720e19ef733f938a6269d630f5dd) C:\Windows\system32\drivers\mferkdet.sys

23:50:40.0549 0700 mferkdet - ok

23:50:40.0572 0700 mfewfpk (62717ab68b38efee54678b85e19b0538) C:\Windows\system32\drivers\mfewfpk.sys

23:50:40.0573 0700 mfewfpk - ok

23:50:40.0590 0700 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:50:40.0592 0700 Modem - ok

23:50:40.0610 0700 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:50:40.0610 0700 monitor - ok

23:50:40.0629 0700 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:50:40.0634 0700 mouclass - ok

23:50:40.0654 0700 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:50:40.0660 0700 mouhid - ok

23:50:40.0673 0700 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:50:40.0674 0700 mountmgr - ok

23:50:40.0691 0700 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:50:40.0743 0700 mpio - ok

23:50:40.0767 0700 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:50:40.0772 0700 mpsdrv - ok

23:50:40.0797 0700 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:50:40.0847 0700 MRxDAV - ok

23:50:40.0877 0700 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:50:40.0878 0700 mrxsmb - ok

23:50:40.0897 0700 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:50:40.0899 0700 mrxsmb10 - ok

23:50:40.0913 0700 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:50:40.0914 0700 mrxsmb20 - ok

23:50:40.0935 0700 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:50:40.0986 0700 msahci - ok

23:50:41.0009 0700 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:50:41.0051 0700 msdsm - ok

23:50:41.0078 0700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:50:41.0079 0700 Msfs - ok

23:50:41.0100 0700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:50:41.0106 0700 mshidkmdf - ok

23:50:41.0123 0700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:50:41.0123 0700 msisadrv - ok

23:50:41.0149 0700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:50:41.0154 0700 MSKSSRV - ok

23:50:41.0180 0700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:50:41.0186 0700 MSPCLOCK - ok

23:50:41.0203 0700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:50:41.0206 0700 MSPQM - ok

23:50:41.0231 0700 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:50:41.0233 0700 MsRPC - ok

23:50:41.0253 0700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

23:50:41.0254 0700 mssmbios - ok

23:50:41.0274 0700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:50:41.0278 0700 MSTEE - ok

23:50:41.0291 0700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

23:50:41.0296 0700 MTConfig - ok

23:50:41.0316 0700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:50:41.0316 0700 Mup - ok

23:50:41.0338 0700 NAL (b5a7ded4455d6d694091827dc91fed99) C:\Windows\system32\Drivers\iqvw64e.sys

23:50:41.0387 0700 NAL - ok

23:50:41.0415 0700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:50:41.0422 0700 NativeWifiP - ok

23:50:41.0479 0700 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

23:50:41.0485 0700 NDIS - ok

23:50:41.0505 0700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:50:41.0511 0700 NdisCap - ok

23:50:41.0526 0700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:50:41.0531 0700 NdisTapi - ok

23:50:41.0544 0700 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:50:41.0588 0700 Ndisuio - ok

23:50:41.0622 0700 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:50:41.0656 0700 NdisWan - ok

23:50:41.0665 0700 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:50:41.0698 0700 NDProxy - ok

23:50:41.0717 0700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:50:41.0717 0700 NetBIOS - ok

23:50:41.0735 0700 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:50:41.0785 0700 NetBT - ok

23:50:41.0818 0700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

23:50:41.0822 0700 nfrd960 - ok

23:50:41.0831 0700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:50:41.0832 0700 Npfs - ok

23:50:41.0869 0700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:50:41.0872 0700 nsiproxy - ok

23:50:42.0019 0700 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:50:42.0044 0700 Ntfs - ok

23:50:42.0058 0700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:50:42.0065 0700 Null - ok

23:50:42.0097 0700 NVHDA (6574620a7d7549bb72ea26c162025909) C:\Windows\system32\drivers\nvhda64v.sys

23:50:42.0149 0700 NVHDA - ok

23:50:42.0318 0700 nvlddmkm (68fa1d402873cd7c06096584d8c3c403) C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:50:42.0388 0700 nvlddmkm - ok

23:50:42.0418 0700 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:50:42.0455 0700 nvraid - ok

23:50:42.0483 0700 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:50:42.0520 0700 nvstor - ok

23:50:42.0545 0700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:50:42.0551 0700 nv_agp - ok

23:50:42.0596 0700 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys

23:50:42.0643 0700 OA002Afx - ok

23:50:42.0655 0700 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys

23:50:42.0690 0700 OA002Ufd - ok

23:50:42.0711 0700 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys

23:50:42.0748 0700 OA002Vid - ok

23:50:42.0757 0700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:50:42.0762 0700 ohci1394 - ok

23:50:42.0794 0700 Packet (99e6aa0ae2d05389ba7f7dff6866b569) C:\Windows\system32\DRIVERS\packet.sys

23:50:42.0828 0700 Packet - ok

23:50:42.0841 0700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

23:50:42.0845 0700 Parport - ok

23:50:42.0863 0700 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

23:50:42.0864 0700 partmgr - ok

23:50:42.0877 0700 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:50:42.0878 0700 pci - ok

23:50:42.0901 0700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:50:42.0901 0700 pciide - ok

23:50:42.0918 0700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

23:50:42.0922 0700 pcmcia - ok

23:50:42.0945 0700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:50:42.0945 0700 pcw - ok

23:50:42.0965 0700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:50:42.0979 0700 PEAUTH - ok

23:50:43.0042 0700 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:50:43.0088 0700 PptpMiniport - ok

23:50:43.0097 0700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

23:50:43.0100 0700 Processor - ok

23:50:43.0128 0700 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:50:43.0129 0700 Psched - ok

23:50:43.0167 0700 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys

23:50:43.0168 0700 PxHlpa64 - ok

23:50:43.0210 0700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

23:50:43.0240 0700 ql2300 - ok

23:50:43.0250 0700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

23:50:43.0252 0700 ql40xx - ok

23:50:43.0271 0700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:50:43.0276 0700 QWAVEdrv - ok

23:50:43.0290 0700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:50:43.0294 0700 RasAcd - ok

23:50:43.0312 0700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:50:43.0315 0700 RasAgileVpn - ok

23:50:43.0329 0700 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:50:43.0375 0700 Rasl2tp - ok

23:50:43.0389 0700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:50:43.0394 0700 RasPppoe - ok

23:50:43.0410 0700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:50:43.0413 0700 RasSstp - ok

23:50:43.0429 0700 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:50:43.0430 0700 rdbss - ok

23:50:43.0453 0700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

23:50:43.0457 0700 rdpbus - ok

23:50:43.0471 0700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:50:43.0474 0700 RDPCDD - ok

23:50:43.0490 0700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:50:43.0493 0700 RDPENCDD - ok

23:50:43.0504 0700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:50:43.0506 0700 RDPREFMP - ok

23:50:43.0527 0700 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

23:50:43.0578 0700 RDPWD - ok

23:50:43.0598 0700 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:50:43.0599 0700 rdyboost - ok

23:50:43.0641 0700 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

23:50:43.0648 0700 RFCOMM - ok

23:50:43.0676 0700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:50:43.0680 0700 rspndr - ok

23:50:43.0692 0700 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:50:43.0743 0700 sbp2port - ok

23:50:43.0764 0700 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:50:43.0801 0700 scfilter - ok

23:50:43.0824 0700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:50:43.0827 0700 secdrv - ok

23:50:43.0838 0700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

23:50:43.0840 0700 Serenum - ok

23:50:43.0864 0700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

23:50:43.0867 0700 Serial - ok

23:50:43.0887 0700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

23:50:43.0891 0700 sermouse - ok

23:50:43.0929 0700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:50:43.0934 0700 sffdisk - ok

23:50:43.0952 0700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:50:43.0957 0700 sffp_mmc - ok

23:50:43.0966 0700 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:50:44.0011 0700 sffp_sd - ok

23:50:44.0028 0700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

23:50:44.0031 0700 sfloppy - ok

23:50:44.0048 0700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

23:50:44.0052 0700 SiSRaid2 - ok

23:50:44.0066 0700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

23:50:44.0070 0700 SiSRaid4 - ok

23:50:44.0088 0700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:50:44.0093 0700 Smb - ok

23:50:44.0114 0700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:50:44.0114 0700 spldr - ok

23:50:44.0143 0700 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:50:44.0145 0700 srv - ok

23:50:44.0165 0700 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:50:44.0168 0700 srv2 - ok

23:50:44.0184 0700 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:50:44.0186 0700 srvnet - ok

23:50:44.0207 0700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

23:50:44.0212 0700 stexstor - ok

23:50:44.0235 0700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

23:50:44.0236 0700 swenum - ok

23:50:44.0303 0700 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

23:50:44.0332 0700 Tcpip - ok

23:50:44.0386 0700 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

23:50:44.0397 0700 TCPIP6 - ok

23:50:44.0434 0700 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:50:44.0482 0700 tcpipreg - ok

23:50:44.0503 0700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:50:44.0508 0700 TDPIPE - ok

23:50:44.0526 0700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

23:50:44.0528 0700 TDTCP - ok

23:50:44.0544 0700 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:50:44.0577 0700 tdx - ok

23:50:44.0595 0700 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

23:50:44.0622 0700 TermDD - ok

23:50:44.0645 0700 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:50:44.0679 0700 tssecsrv - ok

23:50:44.0697 0700 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:50:44.0731 0700 TsUsbFlt - ok

23:50:44.0745 0700 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

23:50:44.0778 0700 TsUsbGD - ok

23:50:44.0799 0700 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:50:44.0833 0700 tunnel - ok

23:50:44.0849 0700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

23:50:44.0853 0700 uagp35 - ok

23:50:44.0874 0700 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:50:44.0929 0700 udfs - ok

23:50:44.0949 0700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:50:44.0953 0700 uliagpkx - ok

23:50:44.0962 0700 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

23:50:44.0995 0700 umbus - ok

23:50:45.0019 0700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

23:50:45.0021 0700 UmPass - ok

23:50:45.0060 0700 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

23:50:45.0103 0700 usbaudio - ok

23:50:45.0159 0700 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:50:45.0209 0700 usbccgp - ok

23:50:45.0247 0700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:50:45.0251 0700 usbcir - ok

23:50:45.0277 0700 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

23:50:45.0330 0700 usbehci - ok

23:50:45.0350 0700 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:50:45.0387 0700 usbhub - ok

23:50:45.0409 0700 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

23:50:45.0443 0700 usbohci - ok

23:50:45.0456 0700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

23:50:45.0458 0700 usbprint - ok

23:50:45.0474 0700 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

23:50:45.0475 0700 USBSTOR - ok

23:50:45.0494 0700 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

23:50:45.0544 0700 usbuhci - ok

23:50:45.0561 0700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:50:45.0562 0700 vdrvroot - ok

23:50:45.0578 0700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:50:45.0581 0700 vga - ok

23:50:45.0593 0700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:50:45.0597 0700 VgaSave - ok

23:50:45.0616 0700 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:50:45.0655 0700 vhdmp - ok

23:50:45.0674 0700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:50:45.0678 0700 viaide - ok

23:50:45.0697 0700 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:50:45.0697 0700 volmgr - ok

23:50:45.0712 0700 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:50:45.0714 0700 volmgrx - ok

23:50:45.0731 0700 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:50:45.0733 0700 volsnap - ok

23:50:45.0753 0700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

23:50:45.0758 0700 vsmraid - ok

23:50:45.0769 0700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

23:50:45.0771 0700 vwifibus - ok

23:50:45.0791 0700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

23:50:45.0796 0700 WacomPen - ok

23:50:45.0820 0700 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:50:45.0856 0700 WANARP - ok

23:50:45.0860 0700 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:50:45.0860 0700 Wanarpv6 - ok

23:50:45.0877 0700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

23:50:45.0880 0700 Wd - ok

23:50:45.0900 0700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:50:45.0903 0700 Wdf01000 - ok

23:50:45.0925 0700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:50:45.0927 0700 WfpLwf - ok

23:50:45.0941 0700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:50:45.0944 0700 WIMMount - ok

23:50:45.0967 0700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

23:50:45.0971 0700 WmiAcpi - ok

23:50:45.0992 0700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:50:45.0995 0700 ws2ifsl - ok

23:50:46.0023 0700 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:50:46.0059 0700 WudfPf - ok

23:50:46.0078 0700 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:50:46.0112 0700 WUDFRd - ok

23:50:46.0145 0700 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:50:46.0154 0700 \Device\Harddisk0\DR0 - ok

23:50:46.0170 0700 Boot (0x1200) (60192bcf7fd244640006da84530b60d9) \Device\Harddisk0\DR0\Partition0

23:50:46.0171 0700 \Device\Harddisk0\DR0\Partition0 - ok

23:50:46.0174 0700 Boot (0x1200) (38c6d131303b09707be65fd453d7da01) \Device\Harddisk0\DR0\Partition1

23:50:46.0175 0700 \Device\Harddisk0\DR0\Partition1 - ok

23:50:46.0175 0700 ============================================================

23:50:46.0175 0700 Scan finished

23:50:46.0175 0700 ============================================================

23:50:46.0184 6196 Detected object count: 0

23:50:46.0184 6196 Actual detected object count: 0

Link to post
Share on other sites

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Hi,

Log info is pasted below. Thanks again for your help.

ComboFix 11-10-18.04 - Frank 10/18/2011 23:46:30.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10270 [GMT -4:00]

Running from: c:\users\Frank\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\GoogleServiceManager.dll

c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}

c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL

c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\chrome.manifest

c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\chrome\content\_cfg.js

c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\chrome\content\overlay.xul

c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\install.rdf

c:\users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL

c:\users\Frank\AppData\Local\TCPIPUser.dll

c:\users\Frank\AppData\Roaming\790A.3D6

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome.manifest

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome\xulcache.jar

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\defaults\preferences\xulcache.js

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\install.rdf

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome.manifest

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome\xulcache.jar

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\defaults\preferences\xulcache.js

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\install.rdf

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\chrome.manifest

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\chrome\xulcache.jar

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\defaults\preferences\xulcache.js

c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\install.rdf

c:\users\Frank\Desktop\Security Protection.lnk

c:\users\Frank\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

.

2011-10-19 03:53 . 2011-10-19 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-17 03:11 . 2011-10-17 03:11 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes

2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\programdata\Malwarebytes

2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-17 03:10 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-13 04:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 04:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 04:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 04:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 04:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 04:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 04:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 04:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-11 02:32 . 2011-10-11 02:32 101888 ----a-w- c:\windows\SysWow64\srrstr.dll

2011-10-11 01:25 . 2011-10-06 20:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 02:17 . 2011-08-26 02:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-15 14:00 . 2010-08-13 02:33 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-08-13 02:33 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00 . 2010-08-13 02:33 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-08-13 02:33 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-08-13 02:33 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00 . 2010-08-13 02:33 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2010-08-13 02:33 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00 . 2010-06-01 00:32 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-15 14:00 . 2009-09-26 02:17 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2011-06-30 1574128]

"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-10 1671824]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bomgar_Cleanup_ZD6127729553"="rd" [X]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [2009-07-09 33448]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-09-30 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576]

S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 IYSODiskOptimizer;IYSODiskOptimizer;c:\program files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe [2011-05-10 286720]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]

S2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-06-13 73728]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x]

S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x]

S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000Core.job

- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02]

.

2011-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000UA.job

- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:61556

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61556

FF - prefs.js: network.proxy.type - 1

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Macromedia Update - c:\users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL

Wow6432Node-HKCU-Run-GoogleServiceManager - c:\programdata\GoogleServiceManager.dll

Wow6432Node-HKCU-Run-Widcomm Update - c:\users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-18 23:54:47

ComboFix-quarantined-files.txt 2011-10-19 03:54

.

Pre-Run: 765,735,014,400 bytes free

Post-Run: 765,752,365,056 bytes free

.

- - End Of File - - 6D81702E80484BFEF446875B090C3E03

Link to post
Share on other sites

That is looking better already. Please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:61556

Firefox::
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61556
FF - prefs.js: network.proxy.type - 1


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Thanks, Elise. Here is the ComboFix.txt file:

ComboFix 11-10-18.04 - Frank 10/20/2011 23:27:09.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10426 [GMT -4:00]

Running from: c:\users\Frank\Desktop\ComboFix.exe

Command switches used :: c:\users\Frank\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))

.

.

2011-10-21 03:34 . 2011-10-21 03:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-17 03:11 . 2011-10-17 03:11 -------- d-----w- c:\users\Frank\AppData\Roaming\Malwarebytes

2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\programdata\Malwarebytes

2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-17 03:10 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-13 04:32 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 04:32 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll

2011-10-13 04:32 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax

2011-10-13 04:32 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 04:32 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 04:32 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 04:32 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-10-13 04:32 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-10-11 02:32 . 2011-10-11 02:32 101888 ----a-w- c:\windows\SysWow64\srrstr.dll

2011-10-11 01:25 . 2011-10-06 20:42 28504 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 02:17 . 2011-08-26 02:17 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-15 14:00 . 2010-08-13 02:33 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-08-15 14:00 . 2010-08-13 02:33 75672 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2011-08-15 14:00 . 2010-08-13 02:33 65128 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-08-15 14:00 . 2010-08-13 02:33 481504 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-08-15 14:00 . 2010-08-13 02:33 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2011-08-15 14:00 . 2010-08-13 02:33 228752 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-08-15 14:00 . 2010-08-13 02:33 100904 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-08-15 14:00 . 2010-06-01 00:32 158584 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2011-08-15 14:00 . 2009-09-26 02:17 642824 ----a-w- c:\windows\system32\drivers\mfehidk.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-19_03.53.28 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-10-19 00:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-10-21 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-10-19 00:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-21 00:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-21 00:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-19 00:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2011-10-21 00:27 38472 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-08-20 02:49 . 2011-10-19 00:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-20 02:49 . 2011-10-21 00:26 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-20 02:49 . 2011-10-19 00:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-20 02:49 . 2011-10-21 00:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-10-19 00:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-10-21 00:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-20 05:14 . 2011-10-21 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-20 05:14 . 2011-10-19 00:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-20 05:14 . 2011-10-21 00:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-08-20 05:14 . 2011-10-19 00:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-08-20 05:14 . 2011-10-21 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-20 05:14 . 2011-10-19 00:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-20 05:24 . 2011-10-21 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-08-20 05:24 . 2011-10-19 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-08-20 05:24 . 2011-10-21 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-08-20 05:24 . 2011-10-19 03:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-20 05:24 . 2011-10-21 00:27 8186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4183097681-2360656231-3853966839-1000_UserData.bin

- 2011-10-19 00:09 . 2011-10-19 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-21 00:25 . 2011-10-21 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-19 00:09 . 2011-10-19 00:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-21 00:25 . 2011-10-21 00:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-20 20:37 . 2011-10-20 01:49 313426 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2011-10-19 00:14 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-10-21 00:30 623940 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-10-21 00:30 106316 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-10-19 00:14 106316 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-10-18 05:05 352404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-10-20 04:13 352404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2011-06-30 1574128]

"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-16 1674896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bomgar_Cleanup_ZD6127729553"="rd" [X]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0314501319156787mcinstcleanup;McAfee Application Installer Cleanup (0314501319156787);c:\windows\TEMP\031450~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [2009-07-09 33448]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-09-30 1038088]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576]

S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 IYSODiskOptimizer;IYSODiskOptimizer;c:\program files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe [2011-05-10 286720]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-08-19 208272]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-08-19 158832]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]

S2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-06-13 73728]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x]

S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x]

S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18]

.

2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 02:18]

.

2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000Core.job

- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02]

.

2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4183097681-2360656231-3853966839-1000UA.job

- c:\users\Frank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-22 02:02]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Frank\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-20 23:35:40

ComboFix-quarantined-files.txt 2011-10-21 03:35

ComboFix2.txt 2011-10-19 03:54

.

Pre-Run: 767,981,301,760 bytes free

Post-Run: 767,930,548,224 bytes free

.

- - End Of File - - FF5D395AF324773612CCAEA1D2BEB068

Link to post
Share on other sites

MWB seems to be running much better. Does this look like a complete scan?

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8000

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

10/22/2011 3:15:54 PM

mbam-log-2011-10-22 (15-15-54).txt

Scan type: Full scan (C:\|)

Objects scanned: 548563

Time elapsed: 1 hour(s), 37 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Yes, that looks like a full scan. :) Lets run one additional scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Here is the list of threats found:

C:\Qoobox\Quarantine\C\ProgramData\GoogleServiceManager.dll.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Local\TCPIPUser.dll.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Local\Citrix\CitrixUpdate\Citrixupdt32.DLL.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Local\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}Update\{6F88E8DB-2957-4C40-9F2C-88B4C1F2E382}updt32.DLL.vir a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{52466b56-3c9b-4292-ae64-1504ea1a6ca3}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{b0d1b358-4d13-4229-8df3-a8acb8bb156f}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan deleted - quarantined

C:\Qoobox\Quarantine\C\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\ibbn5jll.default\extensions\{d5658e8b-8b07-4f76-96a2-0770b72e6d48}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Default\imonoidhamejjfnpnjgpmmmhejpafokj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Frank\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\imonoidhamejjfnpnjgpmmmhejpafokj\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined

C:\Users\Frank\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7709a4ca-5af22949 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined

C:\Windows\System32\srrstr.dll a variant of Win32/Kryptik.TXQ trojan unable to clean

C:\Windows\SysWOW64\srrstr.dll a variant of Win32/Kryptik.TXQ trojan cleaned by deleting - quarantined

Link to post
Share on other sites

Hi, these were just leftovers (the uncleanable file is part of a system file modifying software package, which, although not recommended, is not malicious itself).

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.