Random number virus??

  1. #1
    Danja is offline Newbie

    My girlfriend's computer seems to have become infected with a pretty bad virus that prevents internet access, and apparently generates .exe files in the location:

    C:\Users\Kimberly\AppData\Local\Temp

    Of the form 50620T.exe or more generally <random>.exe

    Googling the filenames has had no success. They appear to be random. Things I have tried:

    Run boot time scans with avast, run full scans with malwarebytes in safe mode. Same thing with avast. Both found a few items and removed them, but the problem persists. In normal windows (not safe mode), avast will detect a rootkit virus on a hidden partition after a while. I have already removed it with avast more than once, but it appears to come back (or was never actually removed).

    I tried to follow the instructions before posting, but attempting to run DDS resulted in a blue screen of death. I've posted the other logs. Gmer found nothing. MBR Check found something, but it's on the 300 GB partition which is the main one, making me think that's not something wrong??

    Any suggestions?

    Thanks

    MBAM:

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 6328

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/11/2011 648 PM
    mbam-log-2011-04-11 (18-21-48).txt

    Scan type: Quick scan
    Objects scanned: 163862
    Time elapsed: 1 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    MBR Check
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP HDX16 Notebook PC
    Logical Drives Mask: 0x000000fc

    Kernel Drivers (total 211):

    Processes (total 59):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000009`c4100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000048`0ef00000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEKT-60F3T1, Rev: 12.01A12

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 43D883454798828D348BD54C7A5CBDE0A9733364


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

    [HJT log removed - Broni]
    Last edited by broni; 12-04-2011 at 01:48 AM.
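The MBR that MBRCheck reports on is sector 0 of the physical disk (`\\.\PhysicalDrive0` in the log), and option [1] above dumps it to a file. As an added example (not part of the original thread, and not MBRCheck's own logic), this Python code parses such a 512-byte dump, hashes the boot code, and runs basic sanity checks on the partition table. Hashing only the first 440 bytes, so the per-disk signature at offset 440 is excluded, is a choice made here; the sample sector and the reference hash are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440          # boot code; bytes 440-445 hold the per-disk signature
TABLE_OFFSET = 446      # four 16-byte partition entries follow
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS first, type, CHS last, LBA start, sectors


def parse_mbr(sector):
    """Split a dumped MBR sector into boot-code hash, signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_LEN
        status, _, ptype, _, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[start:start + ENTRY_LEN])
        if ptype == 0x00:           # unused slot
            continue
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha1": hashlib.sha1(sector[:CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector, reference_sha1s):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha1"] not in reference_sha1s:
        findings.append("boot code hash not in reference set")
    parts = info["partitions"]
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("partition entry with invalid status byte")
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one partition flagged active")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition entries overlap")
            break
    return findings


def build_sample_mbr(code, entries):
    """Assemble a constructed MBR sector for testing (not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    for i, (status, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + i * ENTRY_LEN,
                         status, b"\x00" * 3, ptype, b"\x00" * 3,
                         lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: placeholder "boot code" and two NTFS (type 0x07) entries.
SAMPLE_CODE = bytes(range(256)) + bytes(184)
CLEAN_MBR = build_sample_mbr(SAMPLE_CODE, [(0x80, 0x07, 2048, 204800),
                                           (0x00, 0x07, 206848, 1000000)])
# In practice the reference set comes from a dump taken on a known-clean
# machine with the same OS version; here it is derived from the sample.
REFERENCE_SHA1S = {hashlib.sha1(SAMPLE_CODE).hexdigest()}

if __name__ == "__main__":
    modified = bytearray(CLEAN_MBR)
    modified[0x10] ^= 0xFF          # simulate changed boot code
    print("clean:   ", check_mbr(CLEAN_MBR, REFERENCE_SHA1S))
    print("modified:", check_mbr(bytes(modified), REFERENCE_SHA1S))
```

Because the hashed range is chosen here, the result is not comparable with the SHA1 line in the MBRCheck log; the log does not state which bytes that hash covers.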

  2. #2
    broni is offline Senior Member
    Welcome aboard

    Please, complete all steps listed here: HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

  3. #3
    Danja is offline Newbie
    Thanks for the reply. I have followed all of those steps in order and posted the results in my first post. I was unable to run DDS, because it is causing a blue screen even though I've disabled possible conflicting antivirus programs. Will keep trying. Malwarebytes and Avast have found nothing. Only the MBR fix found something it looks like.

  4. #4
    broni is offline Senior Member
    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

  5. #5
    Danja is offline Newbie
    Thanks, will do that now. I finally got DDS to work without crashing (McAfee had a lot of processes that were not easily stopped which I finally was able to disable). Here are the DDS logs:

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Kimberly at 0:18:56.06 on Tue 04/12/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.3209 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    c:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Kimberly\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:61152
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110109190232.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uRun: [AdobeBridge]
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli DPPWDFLT
    BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Personal Extension - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110109190232.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-1-9 529128]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-1-9 283360]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-1-9 75032]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
    R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-9-16 719152]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-10-22 128352]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-9 190136]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-1-9 441328]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-8-29 7821312]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    R3 vfs101a;vfs101a;C:\Windows\System32\drivers\vfs101a.sys [2008-9-16 49968]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-1-9 200056]
    S2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2010-12-10 36328]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-2-19 245760]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-1-9 62800]
    S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-6-9 20568]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-5 1436424]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-16 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\D03A.tmp [2011-4-11 6144]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-9 94864]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2010-12-10 125416]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2010-12-10 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2010-12-10 159208]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-12-10 16392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-5 1255736]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-9 355440]
    S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-9 355440]
    S4 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-9 355440]
    S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-9 355440]
    S4 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2011-1-9 355440]
    S4 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-1-9 245352]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-04-12 03:07:44 6144 ------w- C:\Windows\System32\D03A.tmp
    2011-04-12 03:05:46 6144 ------w- C:\Windows\System32\4B1.tmp
    2011-04-11 22:10:28 -------- d-----w- C:\SDFix
    2011-04-11 14:31:29 -------- d-----w- C:\Windows\SysWow64\FxsTmp
    2011-04-11 14:31:29 -------- d-----w- C:\Windows\System32\FxsTmp
    2011-04-11 14:31:29 -------- d-----w- C:\Windows\addins
    2011-04-11 14:10:11 -------- d-----w- C:\Program Files\Adobe Illustrator CS5
    2011-04-11 04:34:07 -------- d-----w- C:\Program Files (x86)\Sophos
    2011-04-10 18:46:44 -------- d-----w- C:\Users\Kimberly\DoctorWeb
    2011-04-10 18:41:01 -------- d-----w- C:\PROGRA~3\Grisoft
    2011-04-10 17:38:15 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\Malwarebytes
    2011-04-10 17:38:12 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-10 17:38:11 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-04-10 17:38:08 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-04-10 17:38:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-04-10 17:37:03 -------- d-----w- C:\Program Files\AVAST Software
    2011-04-10 17:37:03 -------- d-----w- C:\PROGRA~3\AVAST Software
    2011-04-10 17:14:56 -------- d-----w- C:\Windows\pss
    2011-04-10 17:09:43 356352 ----a-w- C:\Windows\SysWow64\gver.exe
    2011-04-10 17:07:19 356352 ----a-w- C:\Windows\SysWow64\oxot.exe
    2011-04-10 17:07:19 232 ----a-w- C:\Windows\SysWow64\delme.bat
    2011-04-10 17:04:25 356352 ----a-w- C:\Windows\SysWow64\eadr.exe
    2011-04-10 17:04:22 356352 ----a-w- C:\Windows\SysWow64\zivy.exe
    2011-04-06 21:25:43 -------- d-----w- C:\PROGRA~3\HipSoft
    2011-04-06 01:01:36 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\Artogon
    2011-04-06 01:00:07 -------- d-----w- C:\Program Files (x86)\Build a Lot 5 Elizabethan Era
    2011-04-06 00:31:15 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\Peace Craft
    2011-04-05 18:58:47 -------- d-----w- C:\Users\Kimberly\AppData\Local\Autodesk
    2011-04-05 18:33:05 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2011-04-05 18:31:13 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
    2011-04-05 18:31:13 -------- d-----w- C:\Program Files\Autodesk
    2011-04-05 18:27:55 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
    2011-04-05 18:27:55 -------- d-----w- C:\Program Files (x86)\Autodesk
    2011-04-05 18:11:17 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\Autodesk
    2011-04-05 02:43:55 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\PrimoPDF
    2011-04-05 02:40:26 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
    2011-04-05 02:40:25 -------- d-----w- C:\Program Files (x86)\Nitro PDF
    2011-04-02 1525 -------- d-----w- C:\Windows\SysWow64\Adobe
    2011-03-26 20:46:00 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-03-26 20:46:00 -------- d-----w- C:\Users\Kimberly\AppData\Roaming\Adobe Mini Bridge CS5
    .
    ==================== Find3M ====================
    .
    2011-03-04 05:06:16 197912 ----a-w- C:\Windows\SysWow64\physxcudart_20.dll
    2011-03-04 05:05:37 197912 ----a-w- C:\Windows\System32\physxcudart_20.dll
    2011-02-25 14:07:05 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
    2011-02-25 14:07:04 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
    2011-02-25 14:07:04 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
    2011-02-25 14:07:04 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
    2011-02-25 14:07:04 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
    2011-02-25 14:07:04 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
    2011-02-25 14:07:04 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
    2011-02-25 14:07:04 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
    2011-02-25 14:07:04 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-03 02:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    .
    ============= FINISH: 0:19:36.62 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/1/2010 10:20:16 PM
    System Uptime: 4/12/2011 12:17:11 AM (0 hours ago)
    .
    Motherboard: Quanta | | 361B
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz | CPU | 2534/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 249 GiB total, 149.53 GiB free.
    D: is FIXED (NTFS) - 39 GiB total, 38.827 GiB free.
    E: is FIXED (NTFS) - 10 GiB total, 1.714 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\ENE0100\4&2BC45EE6&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ENE0100\4&2BC45EE6&0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP135: 4/6/2011 1:11:39 PM - Windows Update
    RP136: 4/11/2011 8:59:56 AM - Removed Kies mini
    RP137: 4/11/2011 9:26:54 AM - Windows Modules Installer
    RP138: 4/11/2011 9:31:02 AM - Windows Modules Installer
    RP139: 4/12/2011 12:10:19 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Illustrator CS5
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.4.2
    Adobe Shockwave Player 11.5
    Autodesk Design Review 2011
    Autodesk Material Library 2011
    Autodesk Material Library 2011 Base Image library
    Autodesk Material Library 2011 Medium Image library
    Brother MFL-Pro Suite MFC-J6710DW
    Build a Lot 5 Elizabethan Era
    D3DX10
    EA Download Manager
    Fallout New Vegas
    Google SketchUp Pro 8
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 24
    JMicron JMB38X Flash Media Controller Driver
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    McAfee AntiVirus Plus
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
    Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    PDF Settings CS5
    Pidgin
    PrimoPDF -- brought to you by Nitro PDF Software
    Rosetta Stone Version 3
    Scansoft PDF Professional
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.1
    The Sims™ 3
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    VirtualCloneDrive
    Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/9/2011 3:26:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BLACKTOWER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8431EFF9-E417-450F-809A-50EE44ADCC53}. The master browser is stopping or an election is being forced.
    4/6/2011 1:12:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: Western Digital Technologies - Other hardware - WD SES Device.
    4/12/2011 12:18:34 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    4/12/2011 12:17:33 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    4/12/2011 12:17:32 AM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The system cannot find the file specified.
    4/12/2011 12:17:32 AM, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The system cannot find the file specified.
    4/11/2011 8:34:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
    4/11/2011 6:40:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800032de2b3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041111-16816-01.
    4/11/2011 6:02:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 6:02:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/11/2011 6:02:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/11/2011 6:02:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/11/2011 6:02:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/11/2011 6:02:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/11/2011 6:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/11/2011 5:45:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    4/11/2011 5:43:38 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002654591, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041111-16614-01.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache ElbyCDIO mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/11/2011 5:41:38 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/11/2011 5:12:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi AVG Anti-Spyware Driver DfsC discache ElbyCDIO mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    4/11/2011 5:12:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800026a2d87, 0xfffff88003c24f70, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041111-24616-01.
    4/11/2011 12:41:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000328dcd8, 0xfffff880047c0d90, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041111-23587-01.
    4/11/2011 12:28:03 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\42AD.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    4/11/2011 10:07:44 PM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
    4/11/2011 10:07:44 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\D03A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    4/11/2011 10:06:05 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\4B1.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    4/10/2011 9:44:45 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/10/2011 12:37:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    4/10/2011 12:16:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache ElbyCDIO mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    4/10/2011 12:12:02 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    4/10/2011 12:08:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050033, 0x00000000000406f8, 0xfffff800033ad4ce). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041011-19375-01.
    4/10/2011 11:34:13 PM, Error: Application Popup [1060] - \??\C:\Windows\system32\B414.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    4/10/2011 1:44:23 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    4/10/2011 1:41:02 PM, Error: Service Control Manager [7000] - The AVG Anti-Spyware Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    4/10/2011 1:40:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    4/10/2011 1:40:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache ElbyCDIO spldr Wanarpv6
    4/10/2011 1:28:35 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    4/10/2011 1:13:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    4/10/2011 1:13:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/10/2011 1:13:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    4/10/2011 1:13:04 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

  6. #6
    Danja is offline Newbie
    Here are the results from TDSSkiller. It found nothing.


    2011/04/12 00:24:55.0317 3784 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/12 00:24:55.0332 3784 ================================================================================
    2011/04/12 00:24:55.0332 3784 SystemInfo:
    2011/04/12 00:24:55.0332 3784
    2011/04/12 00:24:55.0332 3784 OS Version: 6.1.7600 ServicePack: 0.0
    2011/04/12 00:24:55.0332 3784 Product type: Workstation
    2011/04/12 00:24:55.0332 3784 ComputerName: KIMBERLY-PC
    2011/04/12 00:24:55.0332 3784 UserName: Kimberly
    2011/04/12 00:24:55.0332 3784 Windows directory: C:\Windows
    2011/04/12 00:24:55.0332 3784 System windows directory: C:\Windows
    2011/04/12 00:24:55.0332 3784 Running under WOW64
    2011/04/12 00:24:55.0332 3784 Processor architecture: Intel x64
    2011/04/12 00:24:55.0332 3784 Number of processors: 2
    2011/04/12 00:24:55.0332 3784 Page size: 0x1000
    2011/04/12 00:24:55.0332 3784 Boot type: Normal boot
    2011/04/12 00:24:55.0332 3784 ================================================================================
    2011/04/12 00:24:55.0691 3784 Initialize success
    2011/04/12 00:25:00.0059 2716 ================================================================================
    2011/04/12 00:25:00.0059 2716 Scan started
    2011/04/12 00:25:00.0059 2716 Mode: Manual;
    2011/04/12 00:25:00.0059 2716 ================================================================================
    2011/04/12 00:25:02.0618 2716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/04/12 00:25:02.0633 2716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/04/12 00:25:02.0664 2716 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/04/12 00:25:02.0711 2716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/04/12 00:25:02.0727 2716 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/04/12 00:25:02.0758 2716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/04/12 00:25:02.0789 2716 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/12 00:25:02.0836 2716 dgderdrv (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys
    2011/04/12 00:25:02.0867 2716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/04/12 00:25:02.0898 2716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/04/12 00:25:02.0945 2716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/12 00:25:02.0992 2716 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/12 00:25:03.0086 2716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/04/12 00:25:03.0210 2716 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
    2011/04/12 00:25:03.0257 2716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/04/12 00:25:03.0288 2716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/04/12 00:25:03.0320 2716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/04/12 00:25:03.0351 2716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/04/12 00:25:03.0398 2716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/12 00:25:03.0429 2716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/12 00:25:03.0444 2716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/04/12 00:25:03.0491 2716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/12 00:25:03.0522 2716 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/12 00:25:03.0554 2716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/04/12 00:25:03.0585 2716 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    2011/04/12 00:25:03.0616 2716 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/12 00:25:03.0663 2716 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/04/12 00:25:03.0694 2716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/04/12 00:25:03.0725 2716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/04/12 00:25:03.0756 2716 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2011/04/12 00:25:03.0788 2716 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/04/12 00:25:03.0819 2716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/04/12 00:25:03.0834 2716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/04/12 00:25:03.0850 2716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/04/12 00:25:03.0897 2716 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/04/12 00:25:03.0944 2716 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys
    2011/04/12 00:25:03.0959 2716 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/04/12 00:25:04.0022 2716 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/04/12 00:25:04.0053 2716 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/04/12 00:25:04.0100 2716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/04/12 00:25:04.0131 2716 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/04/12 00:25:04.0162 2716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/04/12 00:25:04.0193 2716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/04/12 00:25:04.0209 2716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/12 00:25:04.0240 2716 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/12 00:25:04.0271 2716 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/04/12 00:25:04.0318 2716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/04/12 00:25:04.0349 2716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/04/12 00:25:04.0365 2716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/04/12 00:25:04.0396 2716 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/04/12 00:25:04.0427 2716 JMCR (54df9eafb54a98e1a2ac3db69c16cf05) C:\Windows\system32\DRIVERS\jmcr.sys
    2011/04/12 00:25:04.0458 2716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/12 00:25:04.0490 2716 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/04/12 00:25:04.0521 2716 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/12 00:25:04.0552 2716 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/04/12 00:25:04.0568 2716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/04/12 00:25:04.0614 2716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/12 00:25:04.0677 2716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/04/12 00:25:04.0692 2716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/04/12 00:25:04.0724 2716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/04/12 00:25:04.0739 2716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/04/12 00:25:04.0755 2716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/04/12 00:25:04.0864 2716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/04/12 00:25:04.0880 2716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/04/12 00:25:04.0926 2716 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\D03A.tmp
    2011/04/12 00:25:04.0942 2716 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
    2011/04/12 00:25:04.0989 2716 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
    2011/04/12 00:25:05.0036 2716 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
    2011/04/12 00:25:05.0051 2716 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
    2011/04/12 00:25:05.0082 2716 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/04/12 00:25:05.0114 2716 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
    2011/04/12 00:25:05.0160 2716 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
    2011/04/12 00:25:05.0176 2716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/04/12 00:25:05.0207 2716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/12 00:25:05.0238 2716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/12 00:25:05.0270 2716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/12 00:25:05.0285 2716 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/12 00:25:05.0316 2716 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/04/12 00:25:05.0332 2716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/12 00:25:05.0363 2716 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/12 00:25:05.0394 2716 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/12 00:25:05.0426 2716 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/12 00:25:05.0457 2716 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/12 00:25:05.0472 2716 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/04/12 00:25:05.0504 2716 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/04/12 00:25:05.0535 2716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/04/12 00:25:05.0566 2716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/04/12 00:25:05.0582 2716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/04/12 00:25:05.0613 2716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/12 00:25:05.0644 2716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/12 00:25:05.0660 2716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/12 00:25:05.0691 2716 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/12 00:25:05.0722 2716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/12 00:25:05.0722 2716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/12 00:25:05.0769 2716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/04/12 00:25:05.0784 2716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/04/12 00:25:05.0831 2716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/12 00:25:05.0878 2716 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/04/12 00:25:05.0909 2716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/04/12 00:25:05.0940 2716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/12 00:25:05.0956 2716 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/12 00:25:05.0972 2716 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/12 00:25:06.0003 2716 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/12 00:25:06.0018 2716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/12 00:25:06.0034 2716 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/12 00:25:06.0190 2716 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    2011/04/12 00:25:06.0440 2716 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
    2011/04/12 00:25:06.0596 2716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/04/12 00:25:06.0627 2716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/04/12 00:25:06.0658 2716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/12 00:25:06.0705 2716 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/12 00:25:06.0752 2716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/04/12 00:25:07.0001 2716 nvlddmkm (3e0083d60f3ee9f5f8f585103cd45cff) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/04/12 00:25:07.0079 2716 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/04/12 00:25:07.0110 2716 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/04/12 00:25:07.0142 2716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/04/12 00:25:07.0173 2716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/04/12 00:25:07.0220 2716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/04/12 00:25:07.0235 2716 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/04/12 00:25:07.0266 2716 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/04/12 00:25:07.0282 2716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/04/12 00:25:07.0313 2716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/12 00:25:07.0344 2716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/04/12 00:25:07.0391 2716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/04/12 00:25:07.0469 2716 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/12 00:25:07.0500 2716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/12 00:25:07.0547 2716 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/12 00:25:07.0594 2716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/04/12 00:25:07.0656 2716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/04/12 00:25:07.0688 2716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/12 00:25:07.0703 2716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/12 00:25:07.0734 2716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/04/12 00:25:07.0750 2716 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/12 00:25:07.0781 2716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/12 00:25:07.0797 2716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/12 00:25:07.0828 2716 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/12 00:25:07.0844 2716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/04/12 00:25:07.0875 2716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/12 00:25:07.0906 2716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/12 00:25:07.0922 2716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/04/12 00:25:07.0953 2716 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/12 00:25:07.0984 2716 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/04/12 00:25:08.0031 2716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/12 00:25:08.0062 2716 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/04/12 00:25:08.0093 2716 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/04/12 00:25:08.0140 2716 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/04/12 00:25:08.0171 2716 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/04/12 00:25:08.0202 2716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/04/12 00:25:08.0234 2716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/12 00:25:08.0265 2716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/12 00:25:08.0296 2716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/04/12 00:25:08.0343 2716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/04/12 00:25:08.0358 2716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/04/12 00:25:08.0374 2716 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/04/12 00:25:08.0390 2716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/04/12 00:25:08.0421 2716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/04/12 00:25:08.0452 2716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/04/12 00:25:08.0483 2716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/12 00:25:08.0514 2716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/04/12 00:25:08.0561 2716 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/12 00:25:08.0592 2716 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/12 00:25:08.0608 2716 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/12 00:25:08.0655 2716 ssadbus (c1212ba5ab6783191899d194672a5b5c) C:\Windows\system32\DRIVERS\ssadbus.sys
    2011/04/12 00:25:08.0702 2716 ssadmdfl (eb270596d4117c4306442f36ef2c290e) C:\Windows\system32\DRIVERS\ssadmdfl.sys
    2011/04/12 00:25:08.0733 2716 ssadmdm (e29027dfaec246299d1cf88627c5cbe6) C:\Windows\system32\DRIVERS\ssadmdm.sys
    2011/04/12 00:25:08.0764 2716 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
    2011/04/12 00:25:08.0795 2716 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
    2011/04/12 00:25:08.0826 2716 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
    2011/04/12 00:25:08.0858 2716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/04/12 00:25:08.0920 2716 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
    2011/04/12 00:25:08.0967 2716 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    2011/04/12 00:25:08.0998 2716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/12 00:25:09.0045 2716 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/04/12 00:25:09.0123 2716 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2011/04/12 00:25:09.0216 2716 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/12 00:25:09.0248 2716 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/12 00:25:09.0263 2716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/12 00:25:09.0294 2716 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/12 00:25:09.0310 2716 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/12 00:25:09.0341 2716 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/12 00:25:09.0372 2716 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
    2011/04/12 00:25:09.0419 2716 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/12 00:25:09.0450 2716 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/12 00:25:09.0482 2716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/04/12 00:25:09.0497 2716 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/12 00:25:09.0544 2716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/04/12 00:25:09.0575 2716 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/12 00:25:09.0606 2716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/04/12 00:25:09.0669 2716 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2011/04/12 00:25:09.0700 2716 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/12 00:25:09.0731 2716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/04/12 00:25:09.0762 2716 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/12 00:25:09.0778 2716 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/12 00:25:09.0809 2716 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/12 00:25:09.0840 2716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/12 00:25:09.0872 2716 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/04/12 00:25:09.0887 2716 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/12 00:25:09.0903 2716 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/12 00:25:09.0950 2716 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    2011/04/12 00:25:09.0981 2716 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
    2011/04/12 00:25:10.0012 2716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/04/12 00:25:10.0043 2716 vfs101a (24899eff90e725d9c3ac10be870b4d1d) C:\Windows\system32\drivers\vfs101a.sys
    2011/04/12 00:25:10.0090 2716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/12 00:25:10.0106 2716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/04/12 00:25:10.0121 2716 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/04/12 00:25:10.0152 2716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/04/12 00:25:10.0168 2716 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/04/12 00:25:10.0184 2716 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/12 00:25:10.0215 2716 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/04/12 00:25:10.0246 2716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/04/12 00:25:10.0277 2716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/04/12 00:25:10.0308 2716 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/04/12 00:25:10.0340 2716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/04/12 00:25:10.0371 2716 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/12 00:25:10.0371 2716 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/12 00:25:10.0433 2716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/04/12 00:25:10.0464 2716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/12 00:25:10.0527 2716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/04/12 00:25:10.0542 2716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/04/12 00:25:10.0620 2716 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/04/12 00:25:10.0683 2716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/04/12 00:25:10.0714 2716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/12 00:25:10.0761 2716 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    2011/04/12 00:25:10.0808 2716 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/04/12 00:25:10.0839 2716 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/12 00:25:11.0650 2716 ================================================================================
    2011/04/12 00:25:11.0650 2716 Scan finished
    2011/04/12 00:25:11.0650 2716 ================================================================================

  7. #7
    Danja is offline Newbie
    Update: No new .exe files have shown up since the TFC run, but the internet is still blocked.

  8. #8
    broni is offline Senior Member
    Explain "blocked", please.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  9. #9
    Danja is offline Newbie
    By "Blocked" I mean that browsers are not able to access any pages, and the antivirus software is not able to make connections to update. Haven't tried other ports yet, but I suspect that things like AIM or MSN would also not work.

    Will do the combofix log asap.

  10. #10
    Danja is offline Newbie
    Here is the log from combofix:


    ComboFix 11-04-11.04 - Kimberly 04/12/2011 12:44:01.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2891 [GMT -5:00]
    Running from: c:\users\Kimberly\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\delme.bat
    c:\windows\SysWow64\system32
    c:\windows\SysWow64\system32\cis-2.4.dll
    c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
    c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
    c:\windows\SysWow64\system32\issacapi_se-2.3.dll
    c:\windows\SysWow64\system32\MACXMLProto.dll
    c:\windows\SysWow64\system32\MaDRM.dll
    c:\windows\SysWow64\system32\MaJGUILib.dll
    c:\windows\SysWow64\system32\MaJUtilLib.dll
    c:\windows\SysWow64\system32\MAMACExtract.dll
    c:\windows\SysWow64\system32\MASetupCaller.dll
    c:\windows\SysWow64\system32\MASetupCleaner.exe
    c:\windows\SysWow64\system32\MaXMLProto.dll
    c:\windows\SysWow64\system32\MetaStore2.dll
    c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
    c:\windows\SysWow64\system32\MK_Lyric.dll
    c:\windows\SysWow64\system32\MSCLib.dll
    c:\windows\SysWow64\system32\MSFLib.dll
    c:\windows\SysWow64\system32\MSLUR71.dll
    c:\windows\SysWow64\system32\msvcp60.dll
    c:\windows\SysWow64\system32\MTTELECHIP.dll
    c:\windows\SysWow64\system32\MTXSYNCICON.dll
    c:\windows\SysWow64\system32\muzaf1.dll
    c:\windows\SysWow64\system32\muzapp.dll
    c:\windows\SysWow64\system32\muzapp.exe
    c:\windows\SysWow64\system32\muzdecode.ax
    c:\windows\SysWow64\system32\muzeffect.ax
    c:\windows\SysWow64\system32\muzmp4sp.ax
    c:\windows\SysWow64\system32\muzmpgsp.ax
    c:\windows\SysWow64\system32\muzoggsp.ax
    c:\windows\SysWow64\system32\muzwmts.dll
    c:\windows\SysWow64\system32\psapi.dll
    c:\windows\SysWow64\system32\Synchronization2.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-12 03:07 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\D03A.tmp
    2011-04-12 03:05 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\4B1.tmp
    2011-04-11 14:31 . 2011-04-11 23:04 -------- d-----w- c:\windows\system32\FxsTmp
    2011-04-11 14:31 . 2011-04-11 14:31 -------- d-----w- c:\windows\SysWow64\FxsTmp
    2011-04-11 14:31 . 2011-04-11 14:31 -------- d-----w- c:\windows\addins
    2011-04-11 14:10 . 2011-04-11 14:13 -------- d-----w- c:\program files\Adobe Illustrator CS5
    2011-04-11 04:34 . 2011-04-12 05:12 -------- d-----w- c:\program files (x86)\Sophos
    2011-04-10 18:46 . 2011-04-10 18:46 -------- d-----w- c:\users\Kimberly\DoctorWeb
    2011-04-10 18:41 . 2011-04-10 18:41 -------- d-----w- c:\programdata\Grisoft
    2011-04-10 17:38 . 2011-04-10 17:38 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Malwarebytes
    2011-04-10 17:38 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-10 17:38 . 2011-04-10 17:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-10 17:38 . 2011-04-10 17:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-04-10 17:38 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-10 17:37 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-10 17:37 . 2011-04-12 05:11 -------- d-----w- c:\programdata\AVAST Software
    2011-04-10 17:37 . 2011-04-10 17:37 -------- d-----w- c:\program files\AVAST Software
    2011-04-10 17:09 . 2011-04-10 17:09 356352 ----a-w- c:\windows\SysWow64\gver.exe
    2011-04-10 17:07 . 2011-04-10 17:07 356352 ----a-w- c:\windows\SysWow64\oxot.exe
    2011-04-10 17:04 . 2011-04-10 17:04 356352 ----a-w- c:\windows\SysWow64\eadr.exe
    2011-04-10 17:04 . 2011-04-10 17:04 356352 ----a-w- c:\windows\SysWow64\zivy.exe
    2011-04-06 21:25 . 2011-04-06 21:25 -------- d-----w- c:\programdata\HipSoft
    2011-04-06 01:01 . 2011-04-06 01:01 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Artogon
    2011-04-06 01:00 . 2011-04-06 01:00 -------- d-----w- c:\program files (x86)\Build a Lot 5 Elizabethan Era
    2011-04-06 00:31 . 2011-04-06 00:33 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Peace Craft
    2011-04-05 18:58 . 2011-04-05 19:04 -------- d-----w- c:\users\Kimberly\AppData\Local\Autodesk
    2011-04-05 18:33 . 2011-04-05 18:33 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-04-05 18:31 . 2011-04-05 18:31 -------- d-----w- c:\program files\Common Files\Autodesk Shared
    2011-04-05 18:31 . 2011-04-05 18:31 -------- d-----w- c:\program files\Autodesk
    2011-04-05 18:31 . 2011-04-05 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2011-04-05 18:28 . 2011-04-05 18:28 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2011-04-05 18:28 . 2011-04-05 18:29 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2011-04-05 18:27 . 2011-04-05 18:31 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
    2011-04-05 18:27 . 2011-04-05 18:27 -------- d-----w- c:\program files (x86)\Autodesk
    2011-04-05 18:11 . 2011-04-05 18:59 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Autodesk
    2011-04-05 18:11 . 2011-04-05 18:59 -------- d-----w- c:\programdata\Autodesk
    2011-04-05 02:43 . 2011-04-05 03:25 -------- d-----w- c:\users\Kimberly\AppData\Roaming\PrimoPDF
    2011-04-05 02:40 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
    2011-04-05 02:40 . 2011-04-05 02:40 -------- d-----w- c:\program files (x86)\Nitro PDF
    2011-04-02 15:21 . 2011-04-02 15:22 -------- d-----w- c:\windows\SysWow64\Adobe
    2011-03-26 20:46 . 2011-03-26 20:46 -------- d-----w- c:\users\Kimberly\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2011-03-26 20:46 . 2011-03-26 20:46 -------- d-----w- c:\users\Kimberly\AppData\Roaming\Adobe Mini Bridge CS5
    2011-03-22 15:20 . 2011-03-22 15:20 -------- d-----w- c:\program files (x86)\Common Files\Java
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-20 19:26 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-04 05:06 . 2009-09-28 16:46 197912 ----a-w- c:\windows\SysWow64\physxcudart_20.dll
    2011-03-04 05:05 . 2009-09-28 16:46 197912 ----a-w- c:\windows\system32\physxcudart_20.dll
    2011-02-25 14:07 . 2011-02-25 14:07 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
    2011-02-25 14:07 . 2011-02-25 14:07 770912 ----a-w- c:\windows\SysWow64\Msfdbqp.dll
    2011-02-25 14:07 . 2011-02-25 14:07 511328 ----a-w- c:\windows\SysWow64\Synchronization2.dll
    2011-02-25 14:07 . 2011-02-25 14:07 397152 ----a-w- c:\windows\SysWow64\Msfdbse.dll
    2011-02-25 14:07 . 2011-02-25 14:07 253280 ----a-w- c:\windows\SysWow64\MetaStore2.dll
    2011-02-25 14:07 . 2011-02-25 14:07 230240 ----a-w- c:\windows\SysWow64\Msfdb.dll
    2011-02-25 14:07 . 2011-02-25 14:07 189792 ----a-w- c:\windows\SysWow64\SimpleProviders2.dll
    2011-02-25 14:07 . 2011-02-25 14:07 171360 ----a-w- c:\windows\SysWow64\FileSyncProvider2.dll
    2011-02-25 14:07 . 2011-02-25 14:07 156512 ----a-w- c:\windows\SysWow64\FeedSync2.dll
    2011-02-19 06:37 . 2011-03-09 00:32 1135104 ----a-w- c:\windows\system32\FntCache.dll
    2011-02-19 06:37 . 2011-03-09 00:32 1540608 ----a-w- c:\windows\system32\DWrite.dll
    2011-02-19 06:36 . 2011-03-09 00:32 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-02-19 05:32 . 2011-03-09 00:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-02-19 05:32 . 2011-03-09 00:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-02-03 02:40 . 2010-11-12 00:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-01-26 06:53 . 2011-02-09 22:49 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-26 06:53 . 2011-02-09 22:49 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-01-26 06:31 . 2011-02-09 22:49 144384 ----a-w- c:\windows\system32\cdd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-05 1436424]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D03A.tmp [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-09 16392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-09-16 719152]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF31474.cfxxe" [X]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:61152
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Open with PDF Viewer Plus - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Pidgin - c:\program files (x86)\Pidgin\pidgin-uninst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\D03A.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-12 13:07:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-12 18:07
    .
    Pre-Run: 160,078,565,376 bytes free
    Post-Run: 159,819,661,312 bytes free
    .
    - - End Of File - - 1188951EB4627F95C32928AACD1AA526
