View Full Version : redirect with explorer opens on own and plays music/ads
fjsizemore
2011-10-21, 03:57
My system became infected. I tried several things to remove. I eventually had to run a complete system restore, but it was still infected after restore.
Since the restore, I have downloaded and ran Malwarebytes, superantispyware, spybot search and destroy, and windows malicious file remover, i have also used mcaffee.
the symptoms include redirects using browsers, both internet explorer and firefox.
Also Iexplore starts on its own and then I hear over the speakers various radio stations and ads. Some are local stations I recognize, some are not.
here is the dds log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sizemore at 20:08:27 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1832 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookHelper.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111017014419.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{71ED1027-C273-4D0D-99C4-D5299971C003} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Notify: SDWinLogon - SDWinLogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111017014419.dll
BHO-X64: scriptproxy - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sizemore\AppData\Roaming\Mozilla\Firefox\Profiles\qo4juh29.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-20 48888]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-27 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-16 865824]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-17 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-17 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-17 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-17 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-4-27 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-4-27 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-4-27 149032]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 SDHookService;Spybot S&D 2 Live Protection Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-20 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-20 892336]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-20 955816]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-20 169624]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-27 243232]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 135664]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-27 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-26 225280]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-10-17 355440]
.
=============== Created Last 30 ================
.
2011-10-20 23:34:58 -------- d-----w- C:\ProcAlyzer Dumps
2011-10-20 21:45:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-20 21:45:26 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2011-10-20 21:45:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2011-10-20 01:41:11 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2011-10-19 20:43:05 -------- d-----w- C:\Users\Sizemore\AppData\Local\Adobe
2011-10-19 17:04:25 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-19 17:04:25 -------- d-----w- C:\Windows\System32\Wat
2011-10-18 21:17:14 -------- d-----w- C:\Users\Sizemore\AppData\Local\Microsoft Games
2011-10-18 21:16:07 -------- d-----w- C:\Users\Sizemore\AppData\Roaming\WildTangent
2011-10-18 21:04:23 -------- d-----w- C:\Users\Sizemore\AppData\Roaming\SUPERAntiSpyware.com
2011-10-18 02:25:32 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-10-18 02:25:32 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-10-18 02:04:49 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-10-18 02:04:49 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-10-18 02:04:49 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-10-18 02:04:49 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-10-18 02:04:49 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-10-18 02:04:49 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-10-18 02:04:49 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-10-18 02:04:49 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-10-18 02:04:49 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-10-18 02:04:49 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-10-18 01:31:00 -------- d-----w- C:\Users\Sizemore\AppData\Local\ElevatedDiagnostics
2011-10-17 05:36:27 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-10-17 05:22:41 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-10-17 04:29:20 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-10-17 04:27:47 -------- d-----w- C:\Windows\SysWow64\x64
2011-10-17 04:27:47 -------- d-----w- C:\Windows\SysWow64\Lang
2011-10-17 04:27:46 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-10-17 03:29:15 -------- d-----w- C:\96e3a79989575a52000408d0e44dca
2011-10-17 03:03:11 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-10-17 03:03:11 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-10-17 02:36:41 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-10-17 02:36:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-10-17 02:36:35 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-10-17 02:36:35 153160 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-10-17 02:36:35 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-10-17 02:36:31 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2011-10-17 02:36:31 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2011-10-17 02:36:27 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-10-17 02:36:26 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-10-17 02:34:24 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-10-17 02:33:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-10-17 02:32:50 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-10-17 02:31:48 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-10-17 02:29:58 2870272 ----a-w- C:\Windows\explorer.exe
2011-10-17 02:27:33 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2011-10-17 02:26:54 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-10-17 02:25:57 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-10-17 02:24:59 52224 ----a-w- C:\Windows\System32\rtutils.dll
2011-10-17 02:24:59 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2011-10-17 02:22:22 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-17 02:22:21 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-17 02:22:21 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-17 02:22:15 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2011-10-17 02:22:13 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2011-10-17 02:22:06 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-10-17 02:22:02 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-10-17 02:22:02 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-10-17 02:21:59 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-17 02:21:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-17 02:21:58 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-17 02:21:58 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-17 02:21:56 112000 ----a-w- C:\Windows\System32\consent.exe
2011-10-17 02:19:46 -------- d-----w- C:\Users\Sizemore\AppData\Roaming\Malwarebytes
2011-10-17 02:19:35 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-17 02:19:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-17 02:18:18 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-10-17 02:12:54 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-10-17 02:12:54 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-10-17 02:12:54 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-10-17 02:12:52 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-10-17 02:12:52 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-10-17 02:12:52 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-10-17 02:12:51 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-10-17 02:12:50 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-10-17 02:12:50 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-10-17 02:12:50 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-10-17 01:50:00 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-10-17 01:50:00 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-10-17 01:49:42 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-17 01:48:59 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-10-17 01:48:32 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-10-17 01:47:55 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca69052d1cc8c6e\DSETUP.dll
2011-10-17 01:47:55 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca69052d1cc8c6e\DXSETUP.exe
2011-10-17 01:47:55 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ca69052d1cc8c6e\dsetup32.dll
2011-10-17 01:47:26 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2656.tmp
2011-10-17 01:47:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-10-17 01:46:15 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-10-17 01:45:03 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-17 01:45:03 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-17 01:45:03 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-10-17 01:42:58 -------- d-----w- C:\Program Files\Synaptics
2011-10-17 01:40:57 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-10-17 01:40:32 -------- d-----w- C:\Users\Sizemore\AppData\Roaming\Intel Corporation
2011-10-17 01:40:12 -------- d---a-w- C:\book
2011-10-17 01:40:11 -------- d-----w- C:\Users\Sizemore\AppData\Local\EgisTec IPS
2011-10-17 01:37:23 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-10-17 01:37:23 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-10-17 01:37:23 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-10-17 01:37:23 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-10-17 01:37:23 -------- d-----w- C:\Program Files (x86)\OEM
2011-10-17 01:37:14 -------- d-----w- C:\ProgramData\OEM_E471269A730D
.
==================== Find3M ====================
.
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 20:18:10.70 ===============
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Sounds like your MBR (Master Boot Record ) may be infected, this is whats going around right now. A System Restore would not have helped.
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
fjsizemore
2011-10-22, 03:49
ASWMBR LOG FILE
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-21 20:42:32
-----------------------------
20:42:32.327 OS Version: Windows x64 6.1.7600
20:42:32.327 Number of processors: 2 586 0x170A
20:42:32.327 ComputerName: SIZEMORE-PC UserName: Sizemore
20:42:33.512 Initialize success
20:43:45.404 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:43:45.404 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
20:43:45.420 Disk 0 MBR read successfully
20:43:45.420 Disk 0 MBR scan
20:43:45.420 Disk 0 TDL4@MBR code has been found
20:43:45.436 Disk 0 Windows 7 default MBR code found via API
20:43:45.436 Disk 0 MBR hidden
20:43:45.436 Disk 0 MBR [TDL4] **ROOTKIT**
20:43:45.436 Disk 0 trace - called modules:
20:43:45.451 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005121254]<<
20:43:45.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005106060]
20:43:45.451 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e57050]
20:43:45.467 \Driver\iaStor[0xfffffa8002dcce70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8005121254
20:43:45.467 Scan finished successfully
20:44:14.733 Disk 0 MBR has been saved successfully to "C:\Users\Sizemore\Desktop\MBR.dat"
20:44:14.733 The log file has been saved successfully to "C:\Users\Sizemore\Desktop\aswMBR.txt"
MBR CHECK LOG FILE
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5734Z
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 163):
0x02E1B000 \SystemRoot\system32\ntoskrnl.exe
0x033F7000 \SystemRoot\system32\hal.dll
0x00BCA000 \SystemRoot\system32\kdcom.dll
0x00C6E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB2000 \SystemRoot\system32\PSHED.dll
0x00CC6000 \SystemRoot\system32\CLFS.SYS
0x00D24000 \SystemRoot\system32\CI.dll
0x00E1D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EC1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ED0000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F27000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F30000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F3A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F6D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F7A000 \SystemRoot\System32\drivers\partmgr.sys
0x00F8F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F98000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FA4000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FB9000 \SystemRoot\System32\drivers\mountmgr.sys
0x010BF000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012C7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012D0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x012FA000 \SystemRoot\system32\drivers\amdxata.sys
0x01305000 \SystemRoot\system32\drivers\fltmgr.sys
0x01351000 \SystemRoot\system32\drivers\fileinfo.sys
0x01365000 \SystemRoot\system32\drivers\mfehidk.sys
0x01435000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x015D7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01658000 \SystemRoot\System32\Drivers\cng.sys
0x016CB000 \SystemRoot\System32\drivers\pcw.sys
0x016DC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E6000 \SystemRoot\system32\drivers\ndis.sys
0x0105E000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01A9A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AE4000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01B28000 \SystemRoot\system32\drivers\TDI.SYS
0x01B35000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01B81000 \SystemRoot\System32\Drivers\spldr.sys
0x01B89000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BC3000 \SystemRoot\System32\Drivers\mup.sys
0x01BD5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04042000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0406C000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x04075000 \SystemRoot\System32\Drivers\Null.SYS
0x0407E000 \SystemRoot\System32\Drivers\Beep.SYS
0x04085000 \SystemRoot\System32\drivers\vga.sys
0x04093000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x040B8000 \SystemRoot\System32\drivers\watchdog.sys
0x040C8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x040D1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x040DA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x040E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x040EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x040FF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0411D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04162000 \SystemRoot\system32\drivers\afd.sys
0x041EB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03E00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01BDE000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x0162B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x01BEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x017D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01641000 \SystemRoot\system32\DRIVERS\termdd.sys
0x041F4000 \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
0x01A8E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x017F3000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x04231000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04282000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0428E000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x042A1000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x042A9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x042B4000 \SystemRoot\System32\drivers\discache.sys
0x042C3000 \SystemRoot\System32\Drivers\dfsc.sys
0x042E1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x042F2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04318000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04AB3000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03CC4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03DB8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03C00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03C0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C63000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C74000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02E37000 \SystemRoot\system32\DRIVERS\athrx.sys
0x02FBE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02FCB000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x02FE0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02E00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02E1E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04A00000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x02E2D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02FE5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02FF4000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x02E2F000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x03C98000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03CA1000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04A49000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03CB1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A83000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x051BB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x051D6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0432E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02FFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04348000 \SystemRoot\system32\DRIVERS\ks.sys
0x0438B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0439D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04200000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0525F000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05490000 \SystemRoot\system32\drivers\portcls.sys
0x054CD000 \SystemRoot\system32\drivers\drmk.sys
0x054EF000 \SystemRoot\system32\drivers\ksthunk.sys
0x054F5000 \SystemRoot\system32\drivers\mfeavfk.sys
0x05522000 \SystemRoot\system32\drivers\mfefirek.sys
0x0558C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x055A9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x055B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x055D0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x055D9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x055E7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03E26000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0520E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05221000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x05231000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x055F4000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x04215000 \SystemRoot\System32\drivers\Dxapi.sys
0x04221000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x007C0000 \SystemRoot\System32\cdd.dll
0x01400000 \SystemRoot\system32\drivers\luafv.sys
0x00FD3000 \SystemRoot\system32\drivers\WudfPf.sys
0x013E5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A57000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02AAA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02ABD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02AD5000 \SystemRoot\system32\drivers\HTTP.sys
0x02B9D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BBB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02BD3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03AD2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03AF5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x03B23000 \SystemRoot\system32\drivers\peauth.sys
0x03BC9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03A00000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03A2D000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03A3F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07864000 \SystemRoot\System32\DRIVERS\srv.sys
0x07915000 \SystemRoot\system32\drivers\cfwids.sys
0x07994000 \SystemRoot\system32\drivers\mfeapfk.sys
0x079B0000 \??\C:\Users\Sizemore\AppData\Local\Temp\aswMBR.sys
0x76E00000 \Windows\System32\ntdll.dll
0x47820000 \Windows\System32\smss.exe
0xFF120000 \Windows\System32\apisetschema.dll
Processes (total 83):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
560 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
664 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\svchost.exe
568 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\spoolsv.exe
1352 C:\Windows\System32\svchost.exe
1488 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1532 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1756 C:\Windows\System32\taskhost.exe
1812 C:\Windows\System32\dwm.exe
1992 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1240 C:\Windows\System32\svchost.exe
512 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1528 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
1400 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
1720 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1712 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2068 C:\Windows\System32\rundll32.exe
2076 C:\Windows\SysWOW64\rundll32.exe
2108 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2120 C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
2236 C:\Windows\System32\igfxtray.exe
2252 C:\Windows\System32\hkcmd.exe
2308 C:\Windows\System32\igfxpers.exe
2324 C:\Windows\System32\igfxsrvc.exe
2332 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2500 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2508 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2732 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
2744 C:\Program Files\mcafee.com\agent\mcagent.exe
2772 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
2800 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
2820 C:\Program Files (x86)\Launch Manager\LManager.exe
2828 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
2876 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2924 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
2980 C:\Program Files (x86)\Launch Manager\LMworker.exe
1804 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
2760 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
2960 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
3580 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
3664 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
3884 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
3964 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
2936 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3484 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
3544 C:\Windows\System32\wbem\unsecapp.exe
3588 WmiPrvSE.exe
1092 C:\Windows\System32\igfxext.exe
3100 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3508 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
4400 C:\Windows\System32\svchost.exe
5636 C:\Windows\System32\SearchIndexer.exe
6576 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
7956 C:\Windows\System32\svchost.exe
4048 C:\Program Files\Windows Media Player\wmpnetwk.exe
12096 C:\Windows\explorer.exe
11552 C:\Windows\servicing\TrustedInstaller.exe
3316 C:\Windows\System32\wuauclt.exe
6964 C:\Program Files\Common Files\mcafee\core\mchost.exe
11332 C:\Program Files\Common Files\mcafee\core\mchost.exe
1040 C:\Windows\System32\audiodg.exe
12028 C:\Windows\System32\taskeng.exe
10980 C:\Windows\System32\taskeng.exe
7128 C:\Windows\System32\SearchProtocolHost.exe
3048 C:\Windows\System32\SearchFilterHost.exe
6672 dllhost.exe
3292 dllhost.exe
3852 C:\Users\Sizemore\Desktop\MBRCheck.exe
10952 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVT-22A23T0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Good Morning,
Lets do this first, be sure to select CURE when it asks as your infected with the TDL4 version of the TDSS Rootkit, and then we will look a bit deeper into your MBR
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
fjsizemore
2011-10-22, 16:32
09:19:00.0621 3324 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
09:19:01.0057 3324 ============================================================
09:19:01.0057 3324 Current date / time: 2011/10/22 09:19:01.0057
09:19:01.0057 3324 SystemInfo:
09:19:01.0057 3324
09:19:01.0057 3324 OS Version: 6.1.7600 ServicePack: 0.0
09:19:01.0057 3324 Product type: Workstation
09:19:01.0057 3324 ComputerName: SIZEMORE-PC
09:19:01.0057 3324 UserName: Sizemore
09:19:01.0057 3324 Windows directory: C:\Windows
09:19:01.0057 3324 System windows directory: C:\Windows
09:19:01.0057 3324 Running under WOW64
09:19:01.0057 3324 Processor architecture: Intel x64
09:19:01.0057 3324 Number of processors: 2
09:19:01.0057 3324 Page size: 0x1000
09:19:01.0057 3324 Boot type: Normal boot
09:19:01.0057 3324 ============================================================
09:19:01.0401 3324 Initialize success
09:19:16.0018 2132 ============================================================
09:19:16.0018 2132 Scan started
09:19:16.0018 2132 Mode: Manual;
09:19:16.0018 2132 ============================================================
09:19:16.0455 2132 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:19:16.0455 2132 1394ohci - ok
09:19:16.0595 2132 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
09:19:16.0595 2132 ACPI - ok
09:19:16.0704 2132 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
09:19:16.0704 2132 AcpiPmi - ok
09:19:16.0860 2132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:19:16.0876 2132 adp94xx - ok
09:19:17.0001 2132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:19:17.0001 2132 adpahci - ok
09:19:17.0157 2132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:19:17.0157 2132 adpu320 - ok
09:19:17.0297 2132 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
09:19:17.0313 2132 AFD - ok
09:19:17.0438 2132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
09:19:17.0438 2132 agp440 - ok
09:19:17.0578 2132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
09:19:17.0578 2132 aliide - ok
09:19:17.0687 2132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
09:19:17.0703 2132 amdide - ok
09:19:17.0812 2132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:19:17.0812 2132 AmdK8 - ok
09:19:17.0937 2132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:19:17.0937 2132 AmdPPM - ok
09:19:18.0077 2132 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
09:19:18.0077 2132 amdsata - ok
09:19:18.0218 2132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:19:18.0218 2132 amdsbs - ok
09:19:18.0358 2132 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
09:19:18.0358 2132 amdxata - ok
09:19:18.0498 2132 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
09:19:18.0498 2132 AppID - ok
09:19:18.0639 2132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:19:18.0639 2132 arc - ok
09:19:18.0764 2132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:19:18.0764 2132 arcsas - ok
09:19:18.0904 2132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:19:18.0904 2132 AsyncMac - ok
09:19:19.0044 2132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
09:19:19.0044 2132 atapi - ok
09:19:19.0154 2132 athr (5074cca8927d5ed5d102ec48bb771e3f) C:\Windows\system32\DRIVERS\athrx.sys
09:19:19.0185 2132 athr - ok
09:19:19.0356 2132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:19:19.0372 2132 b06bdrv - ok
09:19:19.0528 2132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:19:19.0528 2132 b57nd60a - ok
09:19:19.0668 2132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:19:19.0668 2132 Beep - ok
09:19:19.0840 2132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:19:19.0840 2132 blbdrive - ok
09:19:19.0949 2132 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
09:19:19.0949 2132 bowser - ok
09:19:20.0090 2132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:19:20.0090 2132 BrFiltLo - ok
09:19:20.0199 2132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:19:20.0214 2132 BrFiltUp - ok
09:19:20.0324 2132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:19:20.0324 2132 Brserid - ok
09:19:20.0433 2132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:19:20.0433 2132 BrSerWdm - ok
09:19:20.0526 2132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:19:20.0526 2132 BrUsbMdm - ok
09:19:20.0636 2132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:19:20.0636 2132 BrUsbSer - ok
09:19:20.0760 2132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:19:20.0760 2132 BTHMODEM - ok
09:19:20.0916 2132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:19:20.0932 2132 cdfs - ok
09:19:21.0057 2132 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
09:19:21.0057 2132 cdrom - ok
09:19:21.0197 2132 cfwids (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
09:19:21.0197 2132 cfwids - ok
09:19:21.0322 2132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:19:21.0322 2132 circlass - ok
09:19:21.0416 2132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:19:21.0431 2132 CLFS - ok
09:19:21.0572 2132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:19:21.0572 2132 CmBatt - ok
09:19:21.0681 2132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
09:19:21.0681 2132 cmdide - ok
09:19:21.0759 2132 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
09:19:21.0759 2132 CNG - ok
09:19:21.0884 2132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:19:21.0884 2132 Compbatt - ok
09:19:22.0024 2132 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:19:22.0024 2132 CompositeBus - ok
09:19:22.0164 2132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:19:22.0164 2132 crcdisk - ok
09:19:22.0320 2132 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
09:19:22.0320 2132 DfsC - ok
09:19:22.0461 2132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:19:22.0461 2132 discache - ok
09:19:22.0601 2132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:19:22.0601 2132 Disk - ok
09:19:22.0757 2132 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:19:22.0757 2132 dot4 - ok
09:19:22.0866 2132 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:19:22.0882 2132 Dot4Print - ok
09:19:22.0991 2132 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:19:22.0991 2132 dot4usb - ok
09:19:23.0116 2132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:19:23.0132 2132 drmkaud - ok
09:19:23.0288 2132 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
09:19:23.0303 2132 DXGKrnl - ok
09:19:23.0490 2132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:19:23.0553 2132 ebdrv - ok
09:19:23.0709 2132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:19:23.0709 2132 elxstor - ok
09:19:23.0834 2132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
09:19:23.0834 2132 ErrDev - ok
09:19:23.0912 2132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:19:23.0912 2132 exfat - ok
09:19:23.0990 2132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:19:23.0990 2132 fastfat - ok
09:19:24.0099 2132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:19:24.0099 2132 fdc - ok
09:19:24.0177 2132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:19:24.0177 2132 FileInfo - ok
09:19:24.0270 2132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:19:24.0270 2132 Filetrace - ok
09:19:24.0411 2132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:19:24.0411 2132 flpydisk - ok
09:19:24.0551 2132 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
09:19:24.0551 2132 FltMgr - ok
09:19:24.0676 2132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:19:24.0676 2132 FsDepends - ok
09:19:24.0785 2132 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:19:24.0785 2132 Fs_Rec - ok
09:19:24.0941 2132 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:19:24.0941 2132 fvevol - ok
09:19:25.0082 2132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:19:25.0082 2132 gagp30kx - ok
09:19:25.0253 2132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:19:25.0253 2132 hcw85cir - ok
09:19:25.0394 2132 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
09:19:25.0394 2132 HdAudAddService - ok
09:19:25.0518 2132 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:19:25.0518 2132 HDAudBus - ok
09:19:25.0628 2132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:19:25.0628 2132 HidBatt - ok
09:19:25.0752 2132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:19:25.0752 2132 HidBth - ok
09:19:25.0846 2132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:19:25.0846 2132 HidIr - ok
09:19:25.0971 2132 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
09:19:25.0971 2132 HidUsb - ok
09:19:26.0127 2132 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:19:26.0127 2132 HpSAMD - ok
09:19:26.0220 2132 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
09:19:26.0236 2132 HTTP - ok
09:19:26.0314 2132 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
09:19:26.0314 2132 hwpolicy - ok
09:19:26.0439 2132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:19:26.0439 2132 i8042prt - ok
09:19:26.0532 2132 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
09:19:26.0548 2132 iaStor - ok
09:19:26.0673 2132 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
09:19:26.0673 2132 iaStorV - ok
09:19:26.0985 2132 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:19:27.0141 2132 igfx - ok
09:19:27.0266 2132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:19:27.0266 2132 iirsp - ok
09:19:27.0422 2132 IntcAzAudAddService (1768ccc0ccda73a5b3d7a17a3c52e870) C:\Windows\system32\drivers\RTKVHD64.sys
09:19:27.0484 2132 IntcAzAudAddService - ok
09:19:27.0624 2132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
09:19:27.0624 2132 intelide - ok
09:19:27.0702 2132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:19:27.0702 2132 intelppm - ok
09:19:27.0734 2132 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:19:27.0749 2132 IpFilterDriver - ok
09:19:27.0780 2132 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:19:27.0780 2132 IPMIDRV - ok
09:19:27.0796 2132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:19:27.0812 2132 IPNAT - ok
09:19:27.0874 2132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:19:27.0874 2132 IRENUM - ok
09:19:27.0890 2132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
09:19:27.0890 2132 isapnp - ok
09:19:27.0983 2132 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
09:19:27.0983 2132 iScsiPrt - ok
09:19:28.0061 2132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:19:28.0077 2132 kbdclass - ok
09:19:28.0155 2132 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
09:19:28.0170 2132 kbdhid - ok
09:19:28.0233 2132 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
09:19:28.0233 2132 KSecDD - ok
09:19:28.0264 2132 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
09:19:28.0264 2132 KSecPkg - ok
09:19:28.0358 2132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:19:28.0358 2132 ksthunk - ok
09:19:28.0467 2132 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\Windows\system32\DRIVERS\L1C62x64.sys
09:19:28.0467 2132 L1C - ok
09:19:28.0592 2132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:19:28.0592 2132 lltdio - ok
09:19:28.0716 2132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:19:28.0716 2132 LSI_FC - ok
09:19:28.0794 2132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:19:28.0810 2132 LSI_SAS - ok
09:19:28.0857 2132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:19:28.0857 2132 LSI_SAS2 - ok
09:19:28.0966 2132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:19:28.0966 2132 LSI_SCSI - ok
09:19:29.0075 2132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:19:29.0075 2132 luafv - ok
09:19:29.0262 2132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:19:29.0262 2132 megasas - ok
09:19:29.0294 2132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:19:29.0294 2132 MegaSR - ok
09:19:29.0418 2132 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
09:19:29.0418 2132 mfeapfk - ok
09:19:29.0543 2132 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
09:19:29.0543 2132 mfeavfk - ok
09:19:29.0621 2132 mfeavfk01 - ok
09:19:29.0699 2132 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
09:19:29.0699 2132 mfefirek - ok
09:19:29.0808 2132 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
09:19:29.0808 2132 mfehidk - ok
09:19:29.0886 2132 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
09:19:29.0886 2132 mfenlfk - ok
09:19:29.0996 2132 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
09:19:30.0011 2132 mferkdet - ok
09:19:30.0042 2132 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
09:19:30.0042 2132 mfewfpk - ok
09:19:30.0152 2132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:19:30.0152 2132 Modem - ok
09:19:30.0198 2132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:19:30.0198 2132 monitor - ok
09:19:30.0292 2132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:19:30.0292 2132 mouclass - ok
09:19:30.0370 2132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:19:30.0386 2132 mouhid - ok
09:19:30.0401 2132 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:19:30.0401 2132 mountmgr - ok
09:19:30.0510 2132 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:19:30.0526 2132 mpio - ok
09:19:30.0542 2132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:19:30.0542 2132 mpsdrv - ok
09:19:30.0666 2132 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:19:30.0666 2132 MRxDAV - ok
09:19:30.0729 2132 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:19:30.0729 2132 mrxsmb - ok
09:19:30.0838 2132 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:19:30.0838 2132 mrxsmb10 - ok
09:19:30.0900 2132 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:19:30.0900 2132 mrxsmb20 - ok
09:19:31.0010 2132 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
09:19:31.0010 2132 msahci - ok
09:19:31.0041 2132 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:19:31.0056 2132 msdsm - ok
09:19:31.0103 2132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:19:31.0103 2132 Msfs - ok
09:19:31.0150 2132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:19:31.0166 2132 mshidkmdf - ok
09:19:31.0181 2132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:19:31.0181 2132 msisadrv - ok
09:19:31.0337 2132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:19:31.0337 2132 MSKSSRV - ok
09:19:31.0400 2132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:19:31.0400 2132 MSPCLOCK - ok
09:19:31.0462 2132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:19:31.0462 2132 MSPQM - ok
09:19:31.0540 2132 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:19:31.0556 2132 MsRPC - ok
09:19:31.0571 2132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:19:31.0571 2132 mssmbios - ok
09:19:31.0727 2132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:19:31.0727 2132 MSTEE - ok
09:19:31.0743 2132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:19:31.0743 2132 MTConfig - ok
09:19:31.0774 2132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:19:31.0790 2132 Mup - ok
09:19:31.0852 2132 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
09:19:31.0852 2132 mwlPSDFilter - ok
09:19:31.0899 2132 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
09:19:31.0914 2132 mwlPSDNServ - ok
09:19:31.0961 2132 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
09:19:31.0961 2132 mwlPSDVDisk - ok
09:19:32.0117 2132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:19:32.0117 2132 NativeWifiP - ok
09:19:32.0258 2132 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:19:32.0273 2132 NDIS - ok
09:19:32.0429 2132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:19:32.0429 2132 NdisCap - ok
09:19:32.0507 2132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:19:32.0507 2132 NdisTapi - ok
09:19:32.0632 2132 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:19:32.0632 2132 Ndisuio - ok
09:19:32.0663 2132 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:19:32.0679 2132 NdisWan - ok
09:19:32.0694 2132 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:19:32.0694 2132 NDProxy - ok
09:19:32.0804 2132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:19:32.0804 2132 NetBIOS - ok
09:19:32.0835 2132 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:19:32.0835 2132 NetBT - ok
09:19:32.0991 2132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:19:32.0991 2132 nfrd960 - ok
09:19:33.0069 2132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:19:33.0069 2132 Npfs - ok
09:19:33.0131 2132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:19:33.0131 2132 nsiproxy - ok
09:19:33.0272 2132 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
09:19:33.0303 2132 Ntfs - ok
09:19:33.0443 2132 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
09:19:33.0443 2132 NTIDrvr - ok
09:19:33.0506 2132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:19:33.0506 2132 Null - ok
09:19:33.0568 2132 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
09:19:33.0568 2132 nvraid - ok
09:19:33.0615 2132 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
09:19:33.0615 2132 nvstor - ok
09:19:33.0740 2132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:19:33.0740 2132 nv_agp - ok
09:19:33.0786 2132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:19:33.0786 2132 ohci1394 - ok
09:19:33.0911 2132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:19:33.0911 2132 Parport - ok
09:19:33.0958 2132 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
09:19:33.0958 2132 partmgr - ok
09:19:33.0974 2132 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:19:33.0974 2132 pci - ok
09:19:33.0989 2132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:19:33.0989 2132 pciide - ok
09:19:34.0052 2132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:19:34.0052 2132 pcmcia - ok
09:19:34.0083 2132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:19:34.0083 2132 pcw - ok
09:19:34.0114 2132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:19:34.0114 2132 PEAUTH - ok
09:19:34.0286 2132 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:19:34.0286 2132 PptpMiniport - ok
09:19:34.0332 2132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:19:34.0332 2132 Processor - ok
09:19:34.0457 2132 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:19:34.0457 2132 Psched - ok
09:19:34.0551 2132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:19:34.0582 2132 ql2300 - ok
09:19:34.0676 2132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:19:34.0691 2132 ql40xx - ok
09:19:34.0738 2132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:19:34.0738 2132 QWAVEdrv - ok
09:19:34.0754 2132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:19:34.0754 2132 RasAcd - ok
09:19:34.0863 2132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:19:34.0863 2132 RasAgileVpn - ok
09:19:34.0941 2132 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:19:34.0941 2132 Rasl2tp - ok
09:19:35.0003 2132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:19:35.0003 2132 RasPppoe - ok
09:19:35.0034 2132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:19:35.0034 2132 RasSstp - ok
09:19:35.0050 2132 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:19:35.0066 2132 rdbss - ok
09:19:35.0081 2132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:19:35.0097 2132 rdpbus - ok
09:19:35.0112 2132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:19:35.0112 2132 RDPCDD - ok
09:19:35.0222 2132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:19:35.0222 2132 RDPENCDD - ok
09:19:35.0268 2132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:19:35.0268 2132 RDPREFMP - ok
09:19:35.0300 2132 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
09:19:35.0300 2132 RDPWD - ok
09:19:35.0424 2132 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:19:35.0424 2132 rdyboost - ok
09:19:35.0596 2132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:19:35.0596 2132 rspndr - ok
09:19:35.0643 2132 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\System32\Drivers\RtsUStor.sys
09:19:35.0658 2132 RSUSBSTOR - ok
09:19:35.0799 2132 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:19:35.0799 2132 SASDIFSV - ok
09:19:35.0830 2132 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:19:35.0846 2132 SASKUTIL - ok
09:19:35.0939 2132 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:19:35.0939 2132 sbp2port - ok
09:19:35.0986 2132 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:19:35.0986 2132 scfilter - ok
09:19:36.0126 2132 SDHookDriver (16080b87c1992415be20a83fe8da1b14) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
09:19:36.0142 2132 SDHookDriver - ok
09:19:36.0267 2132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:19:36.0267 2132 secdrv - ok
09:19:36.0345 2132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:19:36.0345 2132 Serenum - ok
09:19:36.0376 2132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:19:36.0376 2132 Serial - ok
09:19:36.0392 2132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:19:36.0392 2132 sermouse - ok
09:19:36.0423 2132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:19:36.0423 2132 sffdisk - ok
09:19:36.0438 2132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:19:36.0438 2132 sffp_mmc - ok
09:19:36.0454 2132 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:19:36.0454 2132 sffp_sd - ok
09:19:36.0470 2132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:19:36.0470 2132 sfloppy - ok
09:19:36.0501 2132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:19:36.0501 2132 SiSRaid2 - ok
09:19:36.0516 2132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:19:36.0516 2132 SiSRaid4 - ok
09:19:36.0563 2132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:19:36.0563 2132 Smb - ok
09:19:36.0672 2132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:19:36.0672 2132 spldr - ok
09:19:36.0750 2132 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
09:19:36.0750 2132 srv - ok
09:19:36.0782 2132 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
09:19:36.0782 2132 srv2 - ok
09:19:36.0828 2132 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
09:19:36.0828 2132 srvnet - ok
09:19:36.0938 2132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:19:36.0953 2132 stexstor - ok
09:19:36.0984 2132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:19:36.0984 2132 swenum - ok
09:19:37.0140 2132 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
09:19:37.0140 2132 SynTP - ok
09:19:37.0281 2132 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
09:19:37.0312 2132 Tcpip - ok
09:19:37.0468 2132 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
09:19:37.0484 2132 TCPIP6 - ok
09:19:37.0530 2132 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:19:37.0530 2132 tcpipreg - ok
09:19:37.0562 2132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:19:37.0562 2132 TDPIPE - ok
09:19:37.0577 2132 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:19:37.0577 2132 TDTCP - ok
09:19:37.0624 2132 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:19:37.0624 2132 tdx - ok
09:19:37.0624 2132 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:19:37.0640 2132 TermDD - ok
09:19:37.0780 2132 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:19:37.0780 2132 tssecsrv - ok
09:19:37.0811 2132 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
09:19:37.0827 2132 tunnel - ok
09:19:37.0842 2132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:19:37.0842 2132 uagp35 - ok
09:19:37.0889 2132 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
09:19:37.0889 2132 UBHelper - ok
09:19:38.0014 2132 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
09:19:38.0014 2132 udfs - ok
09:19:38.0076 2132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:19:38.0076 2132 uliagpkx - ok
09:19:38.0154 2132 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
09:19:38.0154 2132 umbus - ok
09:19:38.0232 2132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:19:38.0232 2132 UmPass - ok
09:19:38.0279 2132 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
09:19:38.0279 2132 usbccgp - ok
09:19:38.0326 2132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
09:19:38.0326 2132 usbcir - ok
09:19:38.0435 2132 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
09:19:38.0435 2132 usbehci - ok
09:19:38.0513 2132 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
09:19:38.0529 2132 usbhub - ok
09:19:38.0560 2132 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
09:19:38.0560 2132 usbohci - ok
09:19:38.0607 2132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:19:38.0607 2132 usbprint - ok
09:19:38.0685 2132 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
09:19:38.0685 2132 USBSTOR - ok
09:19:38.0716 2132 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
09:19:38.0716 2132 usbuhci - ok
09:19:38.0856 2132 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
09:19:38.0856 2132 usbvideo - ok
09:19:38.0934 2132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:19:38.0934 2132 vdrvroot - ok
09:19:39.0059 2132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:19:39.0059 2132 vga - ok
09:19:39.0106 2132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:19:39.0106 2132 VgaSave - ok
09:19:39.0122 2132 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:19:39.0122 2132 vhdmp - ok
09:19:39.0137 2132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:19:39.0137 2132 viaide - ok
09:19:39.0200 2132 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:19:39.0215 2132 volmgr - ok
09:19:39.0231 2132 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:19:39.0231 2132 volmgrx - ok
09:19:39.0246 2132 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:19:39.0246 2132 volsnap - ok
09:19:39.0293 2132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:19:39.0293 2132 vsmraid - ok
09:19:39.0309 2132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:19:39.0309 2132 vwifibus - ok
09:19:39.0324 2132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:19:39.0324 2132 vwififlt - ok
09:19:39.0356 2132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:19:39.0356 2132 WacomPen - ok
09:19:39.0387 2132 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:19:39.0402 2132 WANARP - ok
09:19:39.0418 2132 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:19:39.0418 2132 Wanarpv6 - ok
09:19:39.0543 2132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:19:39.0543 2132 Wd - ok
09:19:39.0574 2132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:19:39.0574 2132 Wdf01000 - ok
09:19:39.0714 2132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:19:39.0714 2132 WfpLwf - ok
09:19:39.0761 2132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:19:39.0761 2132 WIMMount - ok
09:19:39.0902 2132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:19:39.0902 2132 WmiAcpi - ok
09:19:40.0026 2132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:19:40.0026 2132 ws2ifsl - ok
09:19:40.0089 2132 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:19:40.0089 2132 WudfPf - ok
09:19:40.0182 2132 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:19:40.0182 2132 WUDFRd - ok
09:19:40.0245 2132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:19:40.0260 2132 \Device\Harddisk0\DR0 - ok
09:19:40.0276 2132 Boot (0x1200) (f718d3ba5c2dc901b201c69b9da2b732) \Device\Harddisk0\DR0\Partition0
09:19:40.0276 2132 \Device\Harddisk0\DR0\Partition0 - ok
09:19:40.0292 2132 Boot (0x1200) (6cd34d22ac7b0ca9382e610f0ef53a0c) \Device\Harddisk0\DR0\Partition1
09:19:40.0292 2132 \Device\Harddisk0\DR0\Partition1 - ok
09:19:40.0292 2132 ============================================================
09:19:40.0292 2132 Scan finished
09:19:40.0292 2132 ============================================================
09:19:40.0307 2524 Detected object count: 0
09:19:40.0307 2524 Actual detected object count: 0
09:21:45.0482 6704 Deinitialize success
fjsizemore
2011-10-22, 17:05
Thanks Ken for helping me with this issue. It is extremely frustrating trying to use the internet to do anything since becoming infected.
Since yesterday, after downloading the two mbr files and running them, iexplore has not started on its own and I have not had any music playing. However, the search results in explorer and firefox is still being redirected to other sites.
I had not restarted my computer since running mbr last night, but after running the tdsskiller, i rebooted and noticed that neither Spybot S&D nor another anti spyware had started on reboot. My Mcafee software started, but not the others. I also checked the task manager processes and about 20 fewer processes were running as compared to before.
Because the tdsskiller did not find any threats, I re-ran it after the reboot but received the same results.
I have not used the computer at all between posting the reply on the thread last night and downloading tdsskiller and running it this morning.
Again, thanks for your help. It is much appreciated.
Jeff
Hello Jeff,
Lets do this
Rerun aswMBR just to scan and post the new log
Then lets run Combofix
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
fjsizemore
2011-10-22, 20:04
Please note that combofix restarted my computer and that windows explorer failed to start. It produced the log file and I was able to save it, but had to turn off the computer to get explorer to start up. I have been having intermittent messages that explorer has a an error and it restarts.
aswmbr log
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-22 11:21:46
-----------------------------
11:21:46.336 OS Version: Windows x64 6.1.7600
11:21:46.336 Number of processors: 2 586 0x170A
11:21:46.336 ComputerName: SIZEMORE-PC UserName: Sizemore
11:21:46.913 Initialize success
11:21:51.669 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:21:51.669 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
11:21:51.716 Disk 0 MBR read successfully
11:21:51.716 Disk 0 MBR scan
11:21:51.716 Disk 0 TDL4@MBR code has been found
11:21:51.716 Disk 0 Windows 7 default MBR code found via API
11:21:51.716 Disk 0 MBR hidden
11:21:51.732 Disk 0 MBR [TDL4] **ROOTKIT**
11:21:51.732 Disk 0 trace - called modules:
11:21:51.732 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005124254]<<
11:21:51.747 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005108060]
11:21:51.747 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e90050]
11:21:51.747 \Driver\iaStor[0xfffffa8002dd7700] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8005124254
11:21:51.747 Scan finished successfully
11:21:57.925 Disk 0 MBR has been saved successfully to "C:\Users\Sizemore\Desktop\MBR.dat"
11:21:57.956 The log file has been saved successfully to "C:\Users\Sizemore\Desktop\aswMBR2.txt"
ComboFix Log
ComboFix 11-10-21.06 - Sizemore 10/22/2011 11:33:35.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1807 [GMT -4:00]
Running from: c:\users\Sizemore\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-22 16:02 . 2011-10-22 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 00:41 . 2011-10-21 00:41 -------- d-----w- c:\program files (x86)\ERUNT
2011-10-20 23:34 . 2011-10-20 23:34 -------- d-----w- C:\ProcAlyzer Dumps
2011-10-20 21:45 . 2011-10-22 16:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-20 21:45 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2011-10-20 21:45 . 2011-10-20 21:45 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2011-10-20 01:41 . 2008-05-07 23:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2011-10-19 17:04 . 2011-10-19 17:04 -------- d-----w- c:\windows\SysWow64\Wat
2011-10-19 17:04 . 2011-10-19 17:04 -------- d-----w- c:\windows\system32\Wat
2011-10-18 02:25 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-10-18 02:25 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-10-18 02:04 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-10-18 02:04 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-10-18 02:04 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-10-18 02:04 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-10-18 02:04 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-10-18 02:04 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-10-18 02:04 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-10-18 02:04 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-10-18 02:04 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-10-18 02:04 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-10-17 05:22 . 2011-10-17 05:22 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-10-17 04:29 . 2011-10-17 04:29 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-10-17 04:27 . 2011-10-17 04:27 -------- d-----w- c:\windows\SysWow64\x64
2011-10-17 04:27 . 2011-10-17 04:27 -------- d-----w- c:\windows\SysWow64\Lang
2011-10-17 04:27 . 2010-03-15 02:17 1002008 ----a-w- c:\windows\SysWow64\igxpun.exe
2011-10-17 03:29 . 2011-10-17 03:29 -------- d-----w- C:\96e3a79989575a52000408d0e44dca
2011-10-17 03:10 . 2011-10-17 03:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-17 03:03 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-10-17 03:03 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-10-17 02:36 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-17 02:36 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-10-17 02:36 . 2009-12-11 09:24 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-10-17 02:36 . 2009-12-11 07:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-10-17 02:36 . 2009-12-11 07:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-10-17 02:36 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-17 02:36 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-10-17 02:36 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-10-17 02:36 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-10-17 02:34 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-10-17 02:33 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-17 02:32 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-10-17 02:31 . 2011-07-16 05:21 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-10-17 02:29 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-10-17 02:27 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-10-17 02:26 . 2011-06-15 09:58 212992 ----a-w- c:\windows\system32\odbctrac.dll
2011-10-17 02:25 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-10-17 02:24 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2011-10-17 02:24 . 2010-06-19 06:23 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2011-10-17 02:22 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-17 02:22 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-10-17 02:22 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-10-17 02:22 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-10-17 02:22 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-10-17 02:22 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-10-17 02:22 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-17 02:22 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-10-17 02:21 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-17 02:21 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-17 02:21 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-17 02:21 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-17 02:21 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-10-17 02:19 . 2011-10-17 02:19 -------- d-----w- c:\programdata\Malwarebytes
2011-10-17 02:19 . 2011-10-17 02:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-17 02:18 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-10-17 02:12 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-10-17 02:12 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-10-17 02:12 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-10-17 02:12 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-10-17 02:12 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-10-17 02:12 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-10-17 02:12 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-10-17 02:12 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-10-17 02:12 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-10-17 02:12 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-10-17 01:50 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-17 01:50 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-10-17 01:49 . 2011-10-17 01:49 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-10-17 01:48 . 2011-10-17 01:48 -------- d-----w- c:\program files (x86)\Microsoft
2011-10-17 01:48 . 2011-10-17 01:48 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-10-17 01:48 . 2011-10-17 01:50 -------- d-----w- c:\program files (x86)\Windows Live
2011-10-17 01:47 . 2011-10-17 01:47 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-10-17 01:46 . 2011-10-17 01:46 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2011-10-17 01:45 . 2011-10-17 01:46 -------- d-----w- c:\program files (x86)\CyberLink
2011-10-17 01:45 . 2011-10-17 01:44 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-17 01:45 . 2011-10-17 01:44 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-17 01:45 . 2011-10-17 01:44 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-10-17 01:42 . 2011-10-17 01:42 -------- d-----w- c:\program files\Synaptics
2011-10-17 01:40 . 2011-10-17 01:41 -------- d-----w- c:\program files (x86)\Launch Manager
2011-10-17 01:40 . 2011-10-17 01:40 -------- d---a-w- C:\book
2011-10-17 01:37 . 2011-10-17 01:37 -------- d-----w- c:\program files (x86)\OEM
2011-10-17 01:37 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-10-17 01:37 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-10-17 01:37 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-10-17 01:37 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-10-17 01:37 . 2011-10-17 01:37 -------- d-----w- c:\programdata\OEM_E471269A730D
2011-10-17 01:34 . 2011-10-17 01:39 -------- d-----w- c:\users\Sizemore
2011-10-17 01:34 . 2011-10-17 01:34 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-04-27 04:09 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-27 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1486392]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
.
c:\users\Sizemore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-27 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-20 19:46]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 01:41]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 01:41]
.
2011-10-22 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-10-20 19:46]
.
2011-10-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-10-20 19:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-04-27 04:09 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Sizemore\AppData\Roaming\Mozilla\Firefox\Profiles\qo4juh29.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-10-22 12:45:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-22 16:45
.
Pre-Run: 190,191,812,608 bytes free
Post-Run: 191,040,409,600 bytes free
.
- - End Of File - - 63ED1D1A08C8328B8BA0F1999DCF07E1
The logs are showing that the MBR is ok , but aswMBR is still showing the TDL4 rootkit. I am surprised that TDSSKiller has not fixed this.
Re-Run aswMBR
Click Scan
On completion of the scan
Click Fix
http://public.avast.com/~gmerek/aswMBR3.png
Save the log as before and post in your next reply
fjsizemore
2011-10-22, 21:08
I ran mbr and clicked the "fix" buton. It ran and then retarted my my computer. The "Startup Repair" has been popping up and running and then restarting. It has done this now 8-10 times and continues. I am posting this message from a second machine. Should I let the "Startup Repair" continue to run?
Thanks
Jeff
Jeff, see if you can stop it and then do this
We are going to use the Recovery Console to repair the MBR infection. Lets begin by restarting your computer then:
1.During Startup, select Recovery Console from the startup options menu.
2.Once the Recovery Console loads up, you will have to type in a number that corresponds to your Windows installation. This is normally just 1.
3.Press Enter and then type in the Administrator password (if applicable) if none then press enter again.
4. Now at the command prompt, type in fixmbr. The damaged MBR will now be replaced with a new master boot record and your computer should boot properly free of the bootkit infection.
5.To exit the Recovery Console and restart the computer, type exit.
fjsizemore
2011-10-22, 22:02
When I cancel out of Startup Repair, I get a box that has an option to restart, and it has an option for advanced options. I clicked on advance options, it ask that I login and I choose my user name and enter the passowrd and it takes me to another screen. I have several items to choose from. One is startup repair, system restore, system image recovery, windows memory diagnostic, command prompt, and rcovery managment. This is where I restored the system last time to factory default.
I chose the command promt option and it takes me to a dos prompt at the X:\windows\system32
I tried to type fixmbr, but it does not recognize that as a available item.
I try to go to the c drive, does not exist, dir says it is system reserved. I do to the D drive and that is where all my normal windows diretories are located and I can see the log files we have created throughout this process. I tryied the fixmbr and it returns an error.
When I restart, it doesn't give me any options for recovery console but goes directly back into the process of startup repair.
Lets restore to Factory Defaults and go from there.
When it boots back up run DDS and post a new log please
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
fjsizemore
2011-10-22, 23:25
Restore completed. I am still hearing the ads over the speakers.
Here are the logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sizemore at 15:57:27 on 2011-10-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1536 [GMT -4:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Google\Google Toolbar\Update\gtb585E.tmp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\OEM\Preload\Command\AlaunchX\AlaunchX.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\conhost.exe
C:\OEM\Preload\Autorun\APP\PowerDVD v9.0\setup.exe
C:\Windows\system32\taskeng.exe
C:\Users\Sizemore\AppData\Local\Temp\{9CFE8081-BF77-47C4-AEF3-73C1DE4A8BCD}\ISBEW64.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100426210525.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{F8F52A3F-633E-4A2E-84DD-B1F13087D5CF} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100426210525.dll
BHO-X64: scriptproxy - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-4-27 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-4-27 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-4-27 148520]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-26 225280]
.
=============== Created Last 30 ================
.
2011-10-22 23:34:51 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-10-22 22:41:29 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-10-22 22:39:56 -------- d-----w- C:\Windows\SysWow64\x64
2011-10-22 22:39:56 -------- d-----w- C:\Windows\SysWow64\Lang
2011-10-22 22:39:55 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-10-22 19:56:43 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-22 19:56:43 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-22 19:56:43 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-10-22 19:54:21 -------- d-----w- C:\Program Files\Synaptics
2011-10-22 19:52:23 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-10-22 19:51:51 -------- d-----w- C:\Users\Sizemore\AppData\Roaming\Intel Corporation
2011-10-22 19:51:35 -------- d---a-w- C:\book
2011-10-22 19:51:34 -------- d-----w- C:\Users\Sizemore\AppData\Local\EgisTec IPS
2011-10-22 19:49:10 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-10-22 19:49:10 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-10-22 19:48:56 -------- d-----w- C:\Program Files (x86)\OEM
2011-10-22 19:48:46 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-10-22 19:45:51 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
.
============= FINISH: 16:06:08.77 ===============
Lets run MBRCheck
Step 1 | Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
fjsizemore
2011-10-22, 23:37
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5734Z
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 173):
0x02A1F000 \SystemRoot\system32\ntoskrnl.exe
0x02FFC000 \SystemRoot\system32\hal.dll
0x00B98000 \SystemRoot\system32\kdcom.dll
0x00CF6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D3A000 \SystemRoot\system32\PSHED.dll
0x00D4E000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E12000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F1C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F25000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F2F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F62000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6F000 \SystemRoot\System32\drivers\partmgr.sys
0x00F84000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F8D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F99000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010AE000 \SystemRoot\System32\drivers\volmgrx.sys
0x0110A000 \SystemRoot\System32\drivers\mountmgr.sys
0x012E4000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x014EC000 \SystemRoot\system32\DRIVERS\atapi.sys
0x014F5000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0151F000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0152A000 \SystemRoot\system32\drivers\fltmgr.sys
0x01576000 \SystemRoot\system32\drivers\fileinfo.sys
0x01200000 \SystemRoot\system32\drivers\mfehidk.sys
0x01620000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0127F000 \SystemRoot\System32\Drivers\msrpc.sys
0x017C3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0158A000 \SystemRoot\System32\Drivers\cng.sys
0x017DD000 \SystemRoot\System32\drivers\pcw.sys
0x017EE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0183D000 \SystemRoot\system32\drivers\ndis.sys
0x0192F000 \SystemRoot\system32\drivers\NETIO.SYS
0x0198F000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A01000 \SystemRoot\System32\drivers\tcpip.sys
0x01124000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x019BA000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01800000 \SystemRoot\system32\drivers\TDI.SYS
0x0116E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0180D000 \SystemRoot\System32\Drivers\spldr.sys
0x011BA000 \SystemRoot\System32\drivers\rdyboost.sys
0x01815000 \SystemRoot\System32\Drivers\mup.sys
0x01827000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01600000 \SystemRoot\system32\DRIVERS\disk.sys
0x0103A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x040CB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x040F5000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x040FE000 \SystemRoot\System32\Drivers\Null.SYS
0x04107000 \SystemRoot\System32\Drivers\Beep.SYS
0x0410E000 \SystemRoot\System32\drivers\vga.sys
0x0411C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04141000 \SystemRoot\System32\drivers\watchdog.sys
0x04151000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0415A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04163000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0416C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04177000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04188000 \SystemRoot\system32\DRIVERS\tdx.sys
0x041A6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03E00000 \SystemRoot\system32\drivers\afd.sys
0x03E8A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01078000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03E93000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x00FAE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x041EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00FDF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x00DAC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03EA4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x01830000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x0109E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x00E00000 \SystemRoot\System32\drivers\discache.sys
0x00CD3000 \SystemRoot\System32\Drivers\dfsc.sys
0x03CD6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CE7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03D0D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A73000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02E53000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02F47000 \SystemRoot\System32\drivers\dxgmms1.sys
0x02F8D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02F9A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02E00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E11000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04243000 \SystemRoot\system32\DRIVERS\athrx.sys
0x043CA000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x043D7000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x043EC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04200000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0421E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0517B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0422D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0422F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043F1000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x02E35000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x02E3D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x02FF0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x051C4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x051DA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02E46000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03D23000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x043F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03D3D000 \SystemRoot\system32\DRIVERS\ks.sys
0x03D80000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03D92000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0523C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0546D000 \SystemRoot\system32\drivers\portcls.sys
0x054AA000 \SystemRoot\system32\drivers\drmk.sys
0x054CC000 \SystemRoot\system32\drivers\ksthunk.sys
0x054D2000 \SystemRoot\system32\drivers\mfeavfk.sys
0x054FF000 \SystemRoot\system32\drivers\mfefirek.sys
0x05569000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05586000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x05596000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x055BE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x055CC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x055E5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x055EE000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x05200000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0522E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03C15000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03C22000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03EB0000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x03C30000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x03C43000 \SystemRoot\System32\drivers\Dxapi.sys
0x03C4F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x03C5D000 \SystemRoot\system32\drivers\luafv.sys
0x03C80000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0266C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x026BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x026D2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x026EA000 \SystemRoot\system32\drivers\HTTP.sys
0x027B2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x027D0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A3A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A87000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02AAA000 \SystemRoot\system32\drivers\peauth.sys
0x02B50000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02B5B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02B88000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0440D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x044A3000 \SystemRoot\System32\DRIVERS\srv.sys
0x0453B000 \SystemRoot\system32\drivers\cfwids.sys
0x045D6000 \SystemRoot\system32\drivers\mfeapfk.sys
0x045F2000 \??\C:\Users\Sizemore\AppData\Local\Temp\aswMBR.sys
0x773A0000 \Windows\System32\ntdll.dll
0x47BA0000 \Windows\System32\smss.exe
0xFF6C0000 \Windows\System32\apisetschema.dll
0xFFA00000 \Windows\System32\autochk.exe
0xFF5E0000 \Windows\System32\usp10.dll
0xFE850000 \Windows\System32\shell32.dll
0x77570000 \Windows\System32\psapi.dll
0xFE720000 \Windows\System32\wininet.dll
0xFE6F0000 \Windows\System32\imm32.dll
0xFE670000 \Windows\System32\difxapi.dll
0xFE660000 \Windows\System32\lpk.dll
0xFE5C0000 \Windows\System32\msvcrt.dll
0x77280000 \Windows\System32\kernel32.dll
0xFE550000 \Windows\System32\gdi32.dll
0xFE4B0000 \Windows\System32\comdlg32.dll
0xFE330000 \Windows\System32\urlmon.dll
0xFE290000 \Windows\System32\clbcatq.dll
Processes (total 81):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
564 csrss.exe
616 C:\Windows\System32\wininit.exe
632 csrss.exe
676 C:\Windows\System32\services.exe
708 C:\Windows\System32\winlogon.exe
736 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
480 C:\Windows\System32\svchost.exe
404 C:\Windows\System32\audiodg.exe
608 C:\Windows\servicing\TrustedInstaller.exe
1052 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\spoolsv.exe
1320 C:\Windows\System32\svchost.exe
1604 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1692 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1716 C:\Windows\System32\svchost.exe
1740 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1872 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
1900 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
1940 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1968 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2024 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1180 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
1540 C:\Windows\System32\rundll32.exe
1448 C:\Windows\SysWOW64\rundll32.exe
1656 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
1672 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2808 C:\Windows\System32\svchost.exe
1408 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2332 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
832 C:\Windows\System32\SearchIndexer.exe
1644 C:\Windows\System32\SearchProtocolHost.exe
2816 C:\Windows\System32\taskhost.exe
1100 C:\Windows\System32\taskeng.exe
1456 C:\Windows\System32\dwm.exe
888 C:\Windows\explorer.exe
3360 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3368 C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
3376 C:\Windows\System32\igfxtray.exe
3396 C:\Windows\System32\hkcmd.exe
3404 C:\Windows\System32\igfxpers.exe
3448 C:\Windows\System32\igfxsrvc.exe
3476 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3484 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
3524 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3772 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3780 C:\Program Files\mcafee.com\agent\mcagent.exe
3924 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
4016 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
4084 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3268 C:\Program Files (x86)\Launch Manager\LManager.exe
3620 C:\PROGRA~2\INTERN~1\iexplore.exe
2052 C:\Windows\System32\svchost.exe
3992 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
4144 C:\Program Files\Windows Media Player\wmpnetwk.exe
4152 C:\Windows\System32\igfxext.exe
4188 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
4232 C:\Windows\System32\wbem\unsecapp.exe
4288 WmiPrvSE.exe
4388 C:\Program Files (x86)\Launch Manager\LMworker.exe
4436 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
4568 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
4772 C:\Windows\System32\msiexec.exe
2692 C:\Program Files\Common Files\mcafee\core\mchost.exe
740 C:\PROGRA~2\INTERN~1\iexplore.exe
3688 C:\ProgramData\Google\Google Toolbar\Update\gtb49CC.tmp.exe
5660 C:\Windows\System32\wuauclt.exe
4712 C:\Windows\System32\notepad.exe
5184 C:\Windows\System32\SearchFilterHost.exe
4780 dllhost.exe
3468 dllhost.exe
2648 C:\Users\Sizemore\Desktop\MBRCheck.exe
4716 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`46500000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVT-22A23T0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
Looks like were starting from Square One,
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Reboot and then run aswMBR
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
fjsizemore
2011-10-23, 04:13
Thanks Ken,
I dowloaded tdsskiller, ran it and the same as earlier.
I ran the mbrexe and mbr checker, and same as earlier.
I went ahead, sorry, i know i am supposed to get ahead of you, dowloaded combofix, ran it, and the same as ealier.
I ram mbr again and clicked fix, it restarted my computer, and same thing, kept going through startup repair. I let it run while I went to the store and now, my computer won't even turn on.
I guess I am completely hosed.
Just a black screen with not even the bios visibly loading.
Any suggestions would be greatly appreciated, but I think I am going to have to go to the store and get a new one.
Jeff
fjsizemore
2011-10-23, 04:23
The bios screen did come up and startup repair ran again and then restarted, now it is just sitting at the acer screen with Press <f2> to enter setup.
I pressed f2 and nothing happens.
Sorry to be such a pain.
fjsizemore
2011-10-23, 04:57
I was finally able to get out of startup repair and am now restoring to factory defaults.
fjsizemore
2011-10-23, 06:17
Ken,
I was finally able to restore my system to factory defaults. I did some additional research and found several people have had success with hitman pro. I downloaded it, ran the scan, it found and removed the tdl4 rootkit virus.
No more redirects and no more ads palying. Hopefully it fully fixed it.
Hello Jeff,
I have been at this for around 10 years, the threats going around today are so much more serious and nasty than they where 10 years ago, the current threats are designed to prevent there removal and sometimes in the process it causes damage ( as you can see )
Run aswMBR again just to scan, dont fix anything and post the log and lets see if its gone, then also run DDS and post that new log and lets take a look
fjsizemore
2011-10-23, 16:07
aswmbr log
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-23 09:03:32
-----------------------------
09:03:32.655 OS Version: Windows x64 6.1.7600
09:03:32.655 Number of processors: 2 586 0x170A
09:03:32.655 ComputerName: SIZEMORE-PC UserName: Sizemore
09:03:35.400 Initialize success
09:03:39.252 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:03:39.252 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
09:03:39.267 Disk 0 MBR read successfully
09:03:39.267 Disk 0 MBR scan
09:03:39.283 Disk 0 Windows 7 default MBR code
09:03:39.283 Service scanning
09:03:41.451 Modules scanning
09:03:41.451 Disk 0 trace - called modules:
09:03:41.529 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:03:41.545 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800511d060]
09:03:41.545 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e8e050]
09:03:41.561 Scan finished successfully
09:03:50.203 Disk 0 MBR has been saved successfully to "C:\Users\Sizemore\Desktop\MBR.dat"
09:03:50.203 The log file has been saved successfully to "C:\Users\Sizemore\Desktop\aswMBR.txt"
DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Sizemore at 9:04:28 on 2011-10-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1855 [GMT -4:00]
.
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5734z&r=27361011t225l04f4z1k5t5632o373
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100426210525.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{1C182E3F-B34D-4903-923C-0781AB310752} : DhcpNameServer = 192.168.254.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100426210525.dll
BHO-X64: scriptproxy - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-27 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-22 865824]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-4-27 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-4-27 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-4-27 148520]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-5 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-27 243232]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-22 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-5 50432]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-4-27 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-26 225280]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2009-12-15 355440]
.
=============== Created Last 30 ================
.
2011-10-23 06:09:16 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-10-23 05:18:33 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-10-23 05:17:00 -------- d-----w- C:\Windows\SysWow64\x64
2011-10-23 05:17:00 -------- d-----w- C:\Windows\SysWow64\Lang
2011-10-23 05:16:59 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe
2011-10-23 03:01:04 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-10-23 03:00:52 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-10-23 03:00:31 -------- d-----w- C:\ProgramData\Hitman Pro
2011-10-23 02:39:18 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-10-23 02:39:18 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-10-23 02:39:02 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-23 02:38:19 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-10-23 02:37:51 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-10-23 02:37:13 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\abfda02c1cc912c\DSETUP.dll
2011-10-23 02:37:13 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\abfda02c1cc912c\DXSETUP.exe
2011-10-23 02:37:13 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\abfda02c1cc912c\dsetup32.dll
2011-10-23 02:36:48 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc22ED.tmp
2011-10-23 02:36:44 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-10-23 02:35:34 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-10-23 02:34:07 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-23 02:34:07 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-10-23 02:34:07 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-10-23 02:31:55 -------- d-----w- C:\Program Files\Synaptics
2011-10-23 02:30:02 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-10-23 02:29:30 -------- d-----w- C:\Users\Sizemore\AppData\Roaming\Intel Corporation
2011-10-23 02:29:16 -------- d---a-w- C:\book
2011-10-23 02:29:15 -------- d-----w- C:\Users\Sizemore\AppData\Local\EgisTec IPS
2011-10-23 02:26:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-10-23 02:26:50 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-10-23 02:26:49 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-10-23 02:26:49 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-10-23 02:26:40 -------- d-----w- C:\Program Files (x86)\OEM
2011-10-23 02:26:31 -------- d-----w- C:\ProgramData\OEM_E471269A730D
2011-10-23 02:23:52 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
.
============= FINISH: 9:05:10.91 ===============
Looking good, any issues ?
Hi,
You where very lucky, the input have gotten from a few other helpers have said that Hit Man Pro generally damages the machine to the point that windows will have to be reinstalled
http://www.geekstogo.com/forum/topic/308911-pc-wont-boot-google-redirect-and-hitman-pro-issue/
A quick look through the "Computer won't boot" sub-forum at G2G .... will show why I would never recommend the use of HitmanPro on any computer
This User was lucky, many are not and HitmanPro borks their machine.
This variant is not seen by TDSSKiller, aswMBR finds it through the API and to date the only surefire way I have had to clear it is to use a recovery disc... He may have been lucky with hitmanpro, normally that blows the system
How is everything running now
Due to inactivity, this thread will now be closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.