Author Topic: [Resolved] Google redirecting links-can't turn on my firewall  (Read 1331 times)

Offline Veritas81

  • Bronze Member
  • Posts: 9
[Resolved] Google redirecting links-can't turn on my firewall
« on: September 29, 2011, 10:31:22 AM »
Hi there! I'm having the following problems. Recently I haven't been able to use Google. Every time I attempt to do a search I get redirected to other sites (especially to ad sites). I installed Malwarebytes and it didn't fix the problem. Then I installed Spyware Doctor (something like that) and after I ran a full scan it asked me to restart my computer, so I did. Then when my laptop was rebooting I received an error message from Windows telling me that it couldn't finish the rebooting process because apparently I had installed harmful software. The only option that I had was to start the computer with an old registry. The problem is still here!!! and it's driving me crazy.

Another issue that I'm facing is that my McAfee firewall won't start. I keep receiving a message that it's turned off, but when I attempt to turn it on it won't do so. I contacted McAfee and they said that it was because my Windows firewall is not on. I tried to turn it on and I received a message box telling me that an error occurred. I contacted Microsoft and they told me to contact McAfee. Can somebody please help?! Thank you
« Last Edit: September 29, 2011, 10:42:19 AM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #1 on: September 29, 2011, 10:42:50 AM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste both logs into your next response. You may need more than one response.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Veritas81

  • Bronze Member
  • Posts: 9
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #2 on: October 03, 2011, 11:54:56 AM »
Hi Hoov! Thank you for your response! I ran the DDS scan and here is the content of the DDS file. Veritas81
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by WILLIAM at 13:46:21 on 2011-10-03
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.2933.1544 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\vds.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Users\WILLIAM\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ewtn.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110520111028.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
TB: !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\WILLIAM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\WILLIAM\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8F809C99-D892-4776-B672-35CE57BE7E50} : DhcpNameServer = 196.12.0.22 196.12.0.21
TCP: Interfaces\{AC430563-F28F-4F41-B43D-A956F90CC6B0} : DhcpNameServer = 136.145.180.248 136.145.180.251
TCP: Interfaces\{CFFC22BA-D403-4E87-94DE-C5779184FCAF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CFFC22BA-D403-4E87-94DE-C5779184FCAF}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFFC22BA-D403-4E87-94DE-C5779184FCAF}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CFFC22BA-D403-4E87-94DE-C5779184FCAF}\7796275667 : DhcpNameServer = 192.168.1.1
AppInit_DLLs:   
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64:     McAfee Phishing Filter - No File
BHO-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
BHO-X64:     MediaBar - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64:     Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110520111028.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: MediaBar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:   
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-1 92160]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-3-20 60928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-20 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-20 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-20 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-20 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-20 705856]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-20 355440]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 vwmfbus;Vertex Wireless Composite Device driver (WDM);C:\Windows\system32\DRIVERS\vwmfbus.sys --> C:\Windows\system32\DRIVERS\vwmfbus.sys [?]
S3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);C:\Windows\system32\DRIVERS\vwmfdiag.sys --> C:\Windows\system32\DRIVERS\vwmfdiag.sys [?]
S3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;C:\Windows\system32\DRIVERS\vwmfmdfl.sys --> C:\Windows\system32\DRIVERS\vwmfmdfl.sys [?]
S3 vwmfmdm;Vertex Wireless CDC Modem Driver;C:\Windows\system32\DRIVERS\vwmfmdm.sys --> C:\Windows\system32\DRIVERS\vwmfmdm.sys [?]
S3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);C:\Windows\system32\DRIVERS\vwmfserd.sys --> C:\Windows\system32\DRIVERS\vwmfserd.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-09-29 16:13:59   388096   ----a-r-   C:\Users\WILLIAM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-29 16:13:57   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2011-09-29 16:00:44   605184   ----a-w-   C:\Windows\SysWow64\KEYLIB32.dll
2011-09-29 16:00:44   591360   ----a-w-   C:\Windows\SysWow64\skca32.dll
2011-09-29 16:00:44   49152   ----a-w-   C:\Windows\SysWow64\LaunchAppInSession.dll
2011-09-29 16:00:44   --------   d-----w-   C:\Users\WILLIAM\AppData\Roaming\PDFeXPLODE
2011-09-29 16:00:43   2220032   ----a-w-   C:\Windows\SysWow64\Chilkat.dll
2011-09-29 16:00:42   3702784   ----a-w-   C:\Windows\SysWow64\pdfexplode.dll
2011-09-29 16:00:42   159528   ----a-w-   C:\Windows\SysWow64\pdfexplodespl.exe
2011-09-29 16:00:41   66560   ----a-w-   C:\Windows\SysWow64\PDFeXPLODElst.dll
2011-09-29 16:00:41   --------   d-----w-   C:\Program Files (x86)\PDF-eXPLODE
2011-09-27 17:24:10   --------   d-----w-   C:\Users\WILLIAM\AppData\Roaming\SUPERAntiSpyware.com
2011-09-27 17:23:20   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2011-09-27 17:23:20   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2011-09-27 16:25:50   --------   d-----w-   C:\Users\WILLIAM\AppData\Roaming\Malwarebytes
2011-09-27 16:25:36   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-09-27 16:25:33   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-27 14:51:20   --------   d-----w-   C:\Windows\System32\EventProviders
2011-09-27 14:51:03   --------   d-----w-   C:\f7ad960e8cacc770714afed50ffa9311
2011-09-23 01:38:59   --------   d-----w-   C:\ProgramData\Citrix
2011-09-20 14:26:04   --------   d-----w-   C:\Users\WILLIAM\AppData\Roaming\McAfee
2011-09-18 21:56:05   --------   d-----we   C:\Windows\system64
2011-09-14 18:23:10   --------   d-----w-   C:\MTO
2011-09-13 14:12:52   --------   d-----w-   C:\Program Files (x86)\Liveware Publishing
.
==================== Find3M  ====================
.
2011-07-22 05:35:08   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53   243200   ----a-w-   C:\Windows\System32\wow64.dll
2011-07-16 05:26:53   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18   214528   ----a-w-   C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32   422400   ----a-w-   C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46   338432   ----a-w-   C:\Windows\System32\conhost.exe
2011-07-16 04:36:09   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27   272384   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-07-09 04:30:52   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55   287744   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 13:48:20.94 ===============

Offline Veritas81

  • Bronze Member
  • Posts: 9
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #3 on: October 03, 2011, 12:01:43 PM »
Hi again Hoov! Please find here attached the Attach.txt file. Thanks! :)


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2010 7:40:33 PM
System Uptime: 10/3/2011 1:34:21 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 056DH9
Processor: Intel(R) Core(TM) i3 CPU       M 330  @ 2.13GHz | CPU 1 | 1855/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 167.645 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP75: 9/27/2011 10:52:50 AM - Windows 7 Service Pack 1
RP77: 9/29/2011 11:31:43 AM - Windows Update
RP79: 9/29/2011 12:13:42 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Accelerometer
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Google Chrome
Google Talk Plugin
HiJackThis
HTC Driver Installer
HTC Sync
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Live! Cam Avatar Creator
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visio Premium 2010
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Web Developer 2010 Express - ENU
MSVCRT
PDF-eXPLODE V3.1.0.1
PowerDVD DX
POWERPREP II
QuickTime
R&R ReportWorks Infinity
Realtek High Definition Audio Driver
Roxio Burn
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2553008)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VW100 Connection Manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/28/2011 3:03:42 PM, Error: Microsoft-Windows-RasSstp [1]  - CoId={46B51306-2E22-40A0-8D17-58037CCC2CB4}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
9/28/2011 3:01:44 PM, Error: Microsoft-Windows-RasSstp [1]  - CoId={754F9D68-287F-4062-9F6E-4DED97176AC7}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
9/28/2011 3:00:29 PM, Error: Microsoft-Windows-RasSstp [1]  - CoId={9D4DF5CB-63C1-4BA7-849B-6D87099FEE9C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
9/28/2011 1:24:29 PM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
9/28/2011 1:23:37 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
9/27/2011 8:40:20 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer STEVE-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CFFC22BA-D403-4E87-94DE-C5779184FCAF}. The master browser is stopping or an election is being forced.
9/27/2011 7:50:58 PM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
9/27/2011 11:59:19 AM, Error: Microsoft-Windows-WMPNSS-Service [14353]  - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1134475328/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
9/27/2011 11:59:19 AM, Error: Microsoft-Windows-WMPNSS-Service [14349]  - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
9/27/2011 11:24:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
9/27/2011 10:51:38 AM, Error: Microsoft-Windows-Service Pack Installer [6]  - The Service Pack cannot be installed when the computer is running on battery power.
9/27/2011 10:40:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80030be060, 0xfffff80000ba2748, 0xfffffa80063d9c10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092711-20919-01.
10/3/2011 1:37:45 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:  Cannot create a file when that file already exists.
10/3/2011 1:37:45 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:37:45 PM, Error: Service Control Manager [7000]  - The Windows Firewall Authorization Driver service failed to start due to the following error:  Cannot create a file when that file already exists.
10/3/2011 1:37:35 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/3/2011 1:37:33 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{CFFC22BA-D403-4E87-94DE-C5779184FCAF} because another computer on the network has the same name.  The server could not start.
10/3/2011 1:37:33 PM, Error: NetBT [4321]  - The name "WILLIAM-PC     :20" could not be registered on the interface with IP address 192.168.1.52. The computer with the IP address 192.168.1.241 did not allow the name to be claimed by this computer.
10/3/2011 1:37:33 PM, Error: NetBT [4321]  - The name "WILLIAM-PC     :0" could not be registered on the interface with IP address 192.168.1.52. The computer with the IP address 192.168.1.241 did not allow the name to be claimed by this computer.
10/3/2011 1:15:31 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:15:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/3/2011 1:15:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/3/2011 1:14:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/3/2011 1:14:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/3/2011 1:14:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/3/2011 1:14:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/3/2011 1:14:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/3/2011 1:10:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa80030c4a20, 0xfffff80007540518, 0xfffffa80023d6a00). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100311-17877-01.
10/3/2011 1:10:37 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
10/3/2011 1:10:37 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/1/2011 1:45:22 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================


« Last Edit: October 03, 2011, 06:35:55 PM by Hoov »
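The Service Control Manager errors in the log above form dependency chains, and the firewall failure can be traced through them to the one service that failed for its own reason. The Python sketch below is an added example, not part of the original posts or of DDS. It parses event 7000/7001 lines copied from that log and follows each "depends on" link to its root. The function names are this example's own.

```python
import re
from collections import defaultdict

# Event 7000/7001 lines copied verbatim from the "Event Viewer Messages" log above.
EVENT_LOG = """\
10/3/2011 1:37:45 PM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:  Cannot create a file when that file already exists.
10/3/2011 1:37:45 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:37:45 PM, Error: Service Control Manager [7000]  - The Windows Firewall Authorization Driver service failed to start due to the following error:  Cannot create a file when that file already exists.
10/3/2011 1:10:37 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
10/3/2011 1:10:36 PM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
"""

# Error text SCM uses when the dependency itself was blocked by something further down.
DEPENDENCY_ERROR = "The dependency service or group failed to start."

# Event 7001: "The A service depends on the B service which failed to start ..."
RE_DEPENDS = re.compile(
    r"Service Control Manager \[7001\]\s+- The (?P<svc>.+?) service depends on the "
    r"(?P<dep>.+?) service which failed to start because of the following error:\s+(?P<err>.+)$"
)
# Event 7000: "The A service failed to start due to the following error: ..."
RE_FAILED = re.compile(
    r"Service Control Manager \[7000\]\s+- The (?P<svc>.+?) service failed to start "
    r"due to the following error:\s+(?P<err>.+)$"
)


def parse_events(text):
    """Return (depends, own_error) built from events 7001 and 7000.

    depends:   service -> list of (dependency, error text)
    own_error: service -> error text the service itself reported
    """
    depends = defaultdict(list)
    own_error = {}
    for line in text.splitlines():
        m = RE_DEPENDS.search(line)
        if m:
            edge = (m["dep"], m["err"].strip())
            if edge not in depends[m["svc"]]:  # same edge may be logged on every boot
                depends[m["svc"]].append(edge)
            continue
        m = RE_FAILED.search(line)
        if m:
            own_error[m["svc"]] = m["err"].strip()
    return dict(depends), own_error


def trace(service, depends, own_error, path=()):
    """Follow 'depends on' links from `service` down to each root failure.

    Returns a list of (chain, error); chain is a tuple of service names
    ending at the service that failed for a reason of its own.
    """
    path = path + (service,)
    results = []
    for dep, err in depends.get(service, []):
        if dep in path:  # guard against a circular chain in a damaged log
            continue
        if err == DEPENDENCY_ERROR:
            deeper = trace(dep, depends, own_error, path)
            # If the log never says why `dep` failed, report that gap explicitly.
            results.extend(deeper or [(path + (dep,), own_error.get(dep, "cause not in log"))])
        else:
            results.append((path + (dep,), err))
    return results


def blocked_by_root(depends, own_error):
    """Group every affected service under the (root service, error) that blocks it."""
    roots = defaultdict(set)
    for svc in depends:
        for chain, err in trace(svc, depends, own_error):
            roots[(chain[-1], err)].add(svc)
    return dict(roots)


if __name__ == "__main__":
    deps, own = parse_events(EVENT_LOG)
    for (root, err), blocked in sorted(blocked_by_root(deps, own).items()):
        print(f"{root}: {err}")
        for svc in sorted(blocked):
            print(f"    blocks {svc}")
```

Run against the full log, the same grouping separates the 1:10 PM boot, where many network drivers failed together, from the 1:37 PM boot, where only the firewall chain is broken.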

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #4 on: October 03, 2011, 06:39:01 PM »
For the future, please post any logs unless we specifically ask for them to be attached. If you read the instructions for DDS that I gave, it asks for the attach file to be posted, not attached.

Anyhow, on to fixing your problem.

Did Malwarebytes' Anti-Malware remove any infected files? If so, can you post the log up that shows that?


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Veritas81

  • Bronze Member
  • Posts: 9
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #5 on: October 06, 2011, 10:35:49 AM »
Hi Hoov! Thanks for your reply. I had already run the Malwarebytes and it didn't find anything. I did what you asked for but it didn't find anything. Please find here the report that the scan created. I'll appreciate all the help you can give me in this.


12:30:04.0303 4464   TDSS rootkit removing tool 2.6.5.0 Oct  5 2011 20:52:46
12:30:05.0534 4464   ============================================================
12:30:05.0534 4464   Current date / time: 2011/10/06 12:30:05.0534
12:30:05.0534 4464   SystemInfo:
12:30:05.0534 4464   
12:30:05.0534 4464   OS Version: 6.1.7600 ServicePack: 0.0
12:30:05.0534 4464   Product type: Workstation
12:30:05.0534 4464   ComputerName: WILLIAM-PC
12:30:05.0534 4464   UserName: WILLIAM
12:30:05.0534 4464   Windows directory: C:\Windows
12:30:05.0534 4464   System windows directory: C:\Windows
12:30:05.0534 4464   Running under WOW64
12:30:05.0534 4464   Processor architecture: Intel x64
12:30:05.0534 4464   Number of processors: 4
12:30:05.0534 4464   Page size: 0x1000
12:30:05.0534 4464   Boot type: Normal boot
12:30:05.0534 4464   ============================================================
12:30:07.0502 4464   Initialize success
12:30:41.0838 4220   ============================================================
12:30:41.0838 4220   Scan started
12:30:41.0838 4220   Mode: Manual; SigCheck;
12:30:41.0838 4220   ============================================================
12:30:47.0645 4220   1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:30:47.0946 4220   1394ohci - ok
12:30:48.0321 4220   Acceler         (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
12:30:48.0343 4220   Acceler - ok
12:30:48.0416 4220   ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:30:48.0437 4220   ACPI - ok
12:30:48.0507 4220   AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:30:48.0629 4220   AcpiPmi - ok
12:30:48.0701 4220   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:30:48.0729 4220   adp94xx - ok
12:30:48.0769 4220   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:30:48.0808 4220   adpahci - ok
12:30:48.0832 4220   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:30:48.0854 4220   adpu320 - ok
12:30:48.0915 4220   AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:30:48.0978 4220   AFD - ok
12:30:49.0001 4220   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:30:49.0016 4220   agp440 - ok
12:30:49.0086 4220   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:30:49.0119 4220   aliide - ok
12:30:49.0142 4220   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:30:49.0156 4220   amdide - ok
12:30:49.0185 4220   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:30:49.0225 4220   AmdK8 - ok
12:30:49.0236 4220   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:30:49.0281 4220   AmdPPM - ok
12:30:49.0344 4220   amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:30:49.0378 4220   amdsata - ok
12:30:49.0422 4220   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:30:49.0459 4220   amdsbs - ok
12:30:49.0496 4220   amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:30:49.0511 4220   amdxata - ok
12:30:49.0583 4220   AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:30:49.0733 4220   AppID - ok
12:30:49.0850 4220   arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:30:49.0884 4220   arc - ok
12:30:49.0905 4220   arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:30:49.0921 4220   arcsas - ok
12:30:50.0081 4220   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:30:50.0245 4220   AsyncMac - ok
12:30:50.0330 4220   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:30:50.0360 4220   atapi - ok
12:30:50.0435 4220   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:30:50.0604 4220   b06bdrv - ok
12:30:50.0684 4220   b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:30:50.0765 4220   b57nd60a - ok
12:30:50.0807 4220   BCM42RLY        (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
12:30:50.0953 4220   BCM42RLY - ok
12:30:51.0103 4220   BCM43XX         (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:30:51.0249 4220   BCM43XX - ok
12:30:51.0398 4220   Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:30:51.0536 4220   Beep - ok
12:30:51.0613 4220   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:30:51.0649 4220   blbdrive - ok
12:30:51.0708 4220   bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:30:51.0855 4220   bowser - ok
12:30:51.0883 4220   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:30:51.0914 4220   BrFiltLo - ok
12:30:51.0927 4220   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:30:51.0973 4220   BrFiltUp - ok
12:30:52.0029 4220   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:30:52.0232 4220   Brserid - ok
12:30:52.0243 4220   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:30:52.0292 4220   BrSerWdm - ok
12:30:52.0304 4220   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:30:52.0349 4220   BrUsbMdm - ok
12:30:52.0360 4220   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:30:52.0417 4220   BrUsbSer - ok
12:30:52.0687 4220   BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:30:52.0796 4220   BthEnum - ok
12:30:52.0816 4220   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:30:52.0882 4220   BTHMODEM - ok
12:30:52.0941 4220   BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:30:52.0993 4220   BthPan - ok
12:30:53.0041 4220   BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
12:30:53.0079 4220   BTHPORT - ok
12:30:53.0117 4220   BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
12:30:53.0146 4220   BTHUSB - ok
12:30:53.0160 4220   btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
12:30:53.0173 4220   btwaudio - ok
12:30:53.0246 4220   btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
12:30:53.0299 4220   btwavdt - ok
12:30:53.0339 4220   btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
12:30:53.0361 4220   btwl2cap - ok
12:30:53.0421 4220   btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
12:30:53.0433 4220   btwrchid - ok
12:30:53.0514 4220   cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:30:53.0637 4220   cdfs - ok
12:30:53.0706 4220   cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:30:53.0728 4220   cdrom - ok
12:30:53.0817 4220   cfwids          (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
12:30:53.0842 4220   cfwids - ok
12:30:53.0859 4220   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:30:53.0884 4220   circlass - ok
12:30:53.0916 4220   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:30:53.0941 4220   CLFS - ok
12:30:54.0047 4220   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:30:54.0107 4220   CmBatt - ok
12:30:54.0142 4220   cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:30:54.0164 4220   cmdide - ok
12:30:54.0196 4220   CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:30:54.0294 4220   CNG - ok
12:30:54.0341 4220   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:30:54.0354 4220   Compbatt - ok
12:30:54.0406 4220   CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:30:54.0440 4220   CompositeBus - ok
12:30:54.0478 4220   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:30:54.0493 4220   crcdisk - ok
12:30:54.0584 4220   CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
12:30:54.0690 4220   CSC - ok
12:30:54.0761 4220   CtClsFlt        (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
12:30:54.0911 4220   CtClsFlt - ok
12:30:55.0017 4220   DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:30:55.0087 4220   DfsC - ok
12:30:55.0122 4220   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:30:55.0192 4220   discache - ok
12:30:55.0242 4220   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:30:55.0257 4220   Disk - ok
12:30:55.0370 4220   drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:30:55.0423 4220   drmkaud - ok
12:30:55.0468 4220   DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:30:55.0520 4220   DXGKrnl - ok
12:30:55.0629 4220   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:30:55.0816 4220   ebdrv - ok
12:30:55.0896 4220   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:30:55.0955 4220   elxstor - ok
12:30:56.0079 4220   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:30:56.0174 4220   ErrDev - ok
12:30:56.0231 4220   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:30:56.0302 4220   exfat - ok
12:31:15.0937 4220   ============================================================
12:31:15.0937 4220   Scan finished
12:31:15.0937 4220   ============================================================
12:31:15.0961 4020   Detected object count: 0
12:31:15.0961 4020   Actual detected object count: 0

Offline Hoov

Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #6 on: October 06, 2011, 11:10:58 AM »
* Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used incorrectly.

Run ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Veritas81

Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #7 on: October 07, 2011, 05:48:10 PM »
Hello again! Thanks for your reply. I just did what you asked me and here is the content in ComboFix.txt


ComboFix 11-10-07.04 - WILLIAM 10/07/2011  19:13:40.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.2933.1850 [GMT -4:00]
Running from: c:\users\WILLIAM\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\System64
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-07 to 2011-10-07  )))))))))))))))))))))))))))))))
.
.
2011-10-07 23:21 . 2011-10-07 23:21   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-10-06 16:49 . 2011-10-06 16:49   --------   d-----w-   C:\Temp
2011-10-06 16:37 . 2009-10-10 03:17   14336   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys
2011-10-06 16:24 . 2011-10-06 16:24   --------   d-----w-   c:\windows\system32\SPReview
2011-10-04 20:38 . 2011-02-04 02:30   159528   ----a-w-   c:\windows\system32\pdfexplodespl.exe
2011-10-04 20:38 . 2011-01-06 12:42   49152   ----a-w-   c:\windows\SysWow64\LaunchAppInSession.dll
2011-10-04 20:38 . 2010-07-13 15:25   591360   ----a-w-   c:\windows\SysWow64\skca32.dll
2011-10-04 20:38 . 2010-07-13 15:24   605184   ----a-w-   c:\windows\SysWow64\KEYLIB32.dll
2011-10-04 20:38 . 2010-05-13 11:28   3702784   ----a-w-   c:\windows\SysWow64\pdfexplode.dll
2011-10-04 20:38 . 2010-02-16 14:21   2220032   ----a-w-   c:\windows\SysWow64\Chilkat.dll
2011-10-04 20:38 . 2011-10-07 20:12   --------   d-----w-   c:\users\WILLIAM\AppData\Roaming\PDFeXPLODE
2011-10-04 20:38 . 2011-10-06 16:49   --------   d-----w-   c:\program files (x86)\PDF-eXPLODE
2011-10-04 20:38 . 2010-10-01 14:53   72192   ----a-w-   c:\windows\system32\PDFeXPLODElst.dll
2011-09-29 16:13 . 2011-09-29 16:13   388096   ----a-r-   c:\users\WILLIAM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-29 16:13 . 2011-09-29 16:13   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-09-27 17:24 . 2011-09-27 17:24   --------   d-----w-   c:\users\WILLIAM\AppData\Roaming\SUPERAntiSpyware.com
2011-09-27 17:23 . 2011-09-27 20:22   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-09-27 17:23 . 2011-09-27 17:23   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-09-27 16:25 . 2011-09-27 16:25   --------   d-----w-   c:\users\WILLIAM\AppData\Roaming\Malwarebytes
2011-09-27 16:25 . 2011-09-27 16:25   --------   d-----w-   c:\programdata\Malwarebytes
2011-09-27 16:25 . 2011-09-27 20:22   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-27 14:51 . 2011-09-27 14:51   --------   d-----w-   c:\windows\system32\EventProviders
2011-09-27 14:51 . 2011-09-27 21:30   --------   d-----w-   C:\f7ad960e8cacc770714afed50ffa9311
2011-09-23 01:38 . 2011-09-23 01:38   --------   d-----w-   c:\programdata\Citrix
2011-09-20 14:26 . 2011-09-20 14:26   --------   d-----w-   c:\users\WILLIAM\AppData\Roaming\McAfee
2011-09-14 18:23 . 2011-09-22 01:55   --------   d-----w-   C:\MTO
2011-09-13 14:12 . 2011-09-13 14:12   --------   d-----w-   c:\program files (x86)\Liveware Publishing
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 15:38 . 2011-02-26 14:58   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-09 15:37 . 2011-03-16 01:45   4283672   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-09 15:20 . 2011-02-17 21:14   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-09 15:20 . 2011-02-17 21:14   539968   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-20 13:18 . 2011-02-17 21:16   737072   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-20 13:17 . 2011-03-17 13:49   4283672   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-07-20 13:16 . 2011-02-17 22:17   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-20 13:16 . 2011-02-26 14:36   539968   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-16 05:26 . 2011-08-11 13:05   362496   ----a-w-   c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-11 13:05   243200   ----a-w-   c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-11 13:05   13312   ----a-w-   c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-11 13:05   214528   ----a-w-   c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-11 13:05   16384   ----a-w-   c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-11 13:05   422400   ----a-w-   c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-11 13:05   338432   ----a-w-   c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   5120   ---ha-w-   c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-11 13:05   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-11 13:05   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-11 13:05   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-11 13:05   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-11 13:05   272384   ----a-w-   c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-11 13:05   4608   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   5120   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-11 13:05   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-11 13:05   2048   ----a-w-   c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-11 13:05   6144   ---ha-w-   c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 13:05   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 13:05   4608   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 13:05   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-17 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\WILLIAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys

R3 vwmfbus;Vertex Wireless Composite Device driver (WDM);c:\windows\system32\DRIVERS\vwmfbus.sys

R3 vwmfdiag;Vertex Wireless Diagnostic Monitor Port Driver (WDM);c:\windows\system32\DRIVERS\vwmfdiag.sys

R3 vwmfmdfl;~Vertex Wireless CDC Modem Filter~;c:\windows\system32\DRIVERS\vwmfmdfl.sys

R3 vwmfmdm;Vertex Wireless CDC Modem Driver;c:\windows\system32\DRIVERS\vwmfmdm.sys

R3 vwmfserd;Vertex Wireless Device Management Port Driver (WDM);c:\windows\system32\DRIVERS\vwmfserd.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-09-20 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-23 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-23 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-23 408600]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-09-07 3181136]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"combofix"="c:\combofix\CF18899.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.zenit.org/index.php?l=english
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
Toolbar-Locked - (no file)
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-10-07  19:31:23 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-07 23:31
.
Pre-Run: 175,971,979,264 bytes free
Post-Run: 176,492,818,432 bytes free
.
- - End Of File - - A2CF92EE278F901D221C70618BF34587



When the machine rebooted Windows displayed the following message: 'c:\Windows\system32\GfxUI.exe   "A device attached to the system is not functioning"'.  I PrntScr the screen and after ComboFix finished I pasted it (just in case you want to see it)...  Thank you Hoov!!

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #8 on: October 07, 2011, 06:07:14 PM »
What is the make and model of your computer?

Do you know what this file is? C:\f7ad960e8cacc770714afed50ffa9311
If you don't, please submit a sample of this file (C:\f7ad960e8cacc770714afed50ffa9311) to Virus Total: http://www.virustotal.com/

At the top of the page you will see:
Select file>Browse>Send
Just follow the prompts.
The submission will then be tested against many different AV vendors’ scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.

Also, check and see if you are still getting redirected. Let me know how it goes.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
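The triage step in the reply above (picking an unexplained entry out of the "Files Created" section of a ComboFix log) can be scripted. This is an added example, not part of the original thread and not ComboFix's own code: the sample log is constructed from a few lines of the log posted here, and the names `split_sections`, `parse_entries`, `product_status` and `review_candidates`, along with the "hex-only directory name at a drive root" rule, are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: a handful of lines in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 11-10-07.04 - WILLIAM 10/07/2011  19:13:40.1.4 - x64
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\system32\consrv.dll
.
(((((((((((((((((((((((((   Files Created from 2011-09-07 to 2011-10-07  )))))))))))))))))))))))))))))))
.
2011-10-06 16:49 . 2011-10-06 16:49   --------   d-----w-   C:\Temp
2011-10-04 20:38 . 2010-02-16 14:21   2220032   ----a-w-   c:\windows\SysWow64\Chilkat.dll
2011-09-27 14:51 . 2011-09-27 21:30   --------   d-----w-   C:\f7ad960e8cacc770714afed50ffa9311
2011-09-14 18:23 . 2011-09-22 01:55   --------   d-----w-   C:\MTO
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 05:17 . 2011-08-11 13:05   338432   ----a-w-   c:\windows\system32\conhost.exe
"""

# "(((((   Title   )))))" banners; the "-----" style banners are not split here.
HEADER = re.compile(r"^\(+\s+(.*?)\s+\)+$")
# "<stamp> . <stamp>   <size or dashes>   <8 attribute flags>   <path>"
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(-+|\d+)\s+([a-z-]{8})\s+(.+)$")
# "AV: <product> *<state>* {GUID}" lines from the log preamble.
PRODUCT = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\* \{")
# Assumed review rule: a drive-root name made only of 16+ hex digits.
ROOT_HEX_NAME = re.compile(r"^[A-Za-z]:\\[0-9A-Fa-f]{16,}$")


class Entry(NamedTuple):
    created: str          # first stamp; falls in the range named by the banner
    modified: str         # second stamp (assumed to be last-modified)
    size: Optional[int]   # None where the log prints dashes (directories)
    attrs: str
    path: str


def split_sections(log: str) -> dict:
    """Map each parenthesised banner title to the non-empty lines under it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def parse_entries(lines) -> list:
    """Parse file listing lines; anything that is not a listing line is skipped."""
    entries = []
    for line in lines:
        m = ENTRY.match(line)
        if m:
            size = int(m.group(3)) if m.group(3).isdigit() else None
            entries.append(Entry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries


def product_status(log: str) -> list:
    """Return (kind, product, state) for each AV/FW/SP line in the preamble."""
    found = []
    for line in log.splitlines():
        m = PRODUCT.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def review_candidates(log: str) -> list:
    """Directories from 'Files Created' that match the assumed review rule.

    A hit means 'ask the user what this is', as the helper does in the
    thread; it is not a verdict about the directory.
    """
    hits = []
    for title, lines in split_sections(log).items():
        if not title.startswith("Files Created"):
            continue
        for entry in parse_entries(lines):
            if entry.attrs.startswith("d") and ROOT_HEX_NAME.match(entry.path):
                hits.append(entry.path)
    return hits


if __name__ == "__main__":
    for kind, name, state in product_status(SAMPLE_LOG):
        print(f"{kind}: {name} -> {state}")
    for path in review_candidates(SAMPLE_LOG):
        print("ask about:", path)
```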

Offline Veritas81

  • Bronze Member
  • Posts: 9
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #9 on: October 08, 2011, 04:32:49 PM »
Hi again Hoov!

I have a Dell laptop, Studio 1458.  The OS is Windows 7 Pro, system type: x64-based PC (I hope this is the info you asked for).

I don't know what that file is.

I did what you asked me to.  Here are the results.  (I copied and pasted them.  I also printed them in PDF format just in case the copy & paste procedure is unclear...it was easier to post the contents of notepad files.)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: f7ad960e8cacc770714afed50ffa9311.zip
Submission date: 2011-10-08 22:00:45 (UTC)
Current status: finished
Result: 0/41 (0.0%)



Antivirus               Version          Last Update   Result
AntiVir                 7.11.15.169      2011.10.07    -
Antiy-AVL               2.0.3.7          2011.10.08    -
Avast                   6.0.1289.0       2011.10.08    -
AVG                     10.0.0.1190      2011.10.07    -
BitDefender             7.2              2011.10.09    -
ByteHero                1.0.0.1          2011.09.23    -
CAT-QuickHeal           11.00            2011.10.07    -
ClamAV                  0.97.0.0         2011.10.09    -
Commtouch               5.3.2.6          2011.10.08    -
Comodo                  10390            2011.10.08    -
DrWeb                   5.0.2.03300      2011.10.09    -
Emsisoft                5.1.0.11         2011.10.08    -
eSafe                   7.0.17.0         2011.10.06    -
eTrust-Vet              36.1.8605        2011.10.07    -
F-Prot                  4.6.2.117        2011.10.08    -
F-Secure                9.0.16440.0      2011.10.08    -
Fortinet                4.3.370.0        2011.10.08    -
GData                   22               2011.10.08    -
Ikarus                  T3.1.1.107.0     2011.10.08    -
Jiangmin                13.0.900         2011.10.08    -
K7AntiVirus             9.115.5258       2011.10.08    -
Kaspersky               9.0.0.837        2011.10.08    -
McAfee                  5.400.0.1158     2011.10.08    -
McAfee-GW-Edition       2010.1D          2011.10.08    -
Microsoft               1.7702           2011.10.08    -
NOD32                   6527             2011.10.08    -
Norman                  6.07.11          2011.10.08    -
nProtect                2011-10-08.01    2011.10.08    -
Panda                   10.0.3.5         2011.10.08    -
PCTools                 8.0.0.5          2011.10.08    -
Prevx                   3.0              2011.10.09    -
Rising                  23.78.04.03      2011.10.08    -
Sophos                  4.70.0           2011.10.08    -
Symantec                20111.2.0.82     2011.10.08    -
TheHacker               6.7.0.1.318      2011.10.08    -
TrendMicro              9.500.0.1008     2011.10.08    -
TrendMicro-HouseCall    9.500.0.1008     2011.10.08    -
VBA32                   3.12.16.4        2011.10.07    -
VIPRE                   10703            2011.10.08    -
ViRobot                 2011.10.8.4709   2011.10.08    -
VirusBuster             14.1.2.0         2011.10.08    -



Additional information

MD5   : 88e56050add8202415bc1edf78fe67e6
SHA1  : 3b018a3e076bfd12ae0f1e0dfd80c896ba9dcaad
SHA256: fbc5a5de0411b7c23ed3283ef93f4d0bbd0d5ca8ab3ee2400f5b71a9fdbde489
ssdeep: 98304:7TGaGzRcMBjuOqn9FM+q5gXMkAoghqDB2noX:XGjRhRTqnDMEMXoVcy
File size : 3304889 bytes
First seen: 2011-10-08 22:00:45
Last seen : 2011-10-08 22:00:45
Magic: Zip archive data, at least v2.0 to extract

TrID:
Mozilla Firefox browser extension (66.6%)
ZIP compressed archive (33.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -

Androguard: -

ExifTool:
file metadata
FileSize: 3.2 MB
FileType: ZIP
MIMEType: application/zip
ZipBitFlag: 0
ZipCRC: 0x00000000
ZipCompressedSize: 0
ZipCompression: None
ZipFileName: f7ad960e8cacc770714afed50ffa9311/338adfa23edb41cc18d5b8d1/
ZipModifyDate: 2011:09:27 17:30:03
ZipRequiredVersion: 20
ZipUncompressedSize: 0

I checked Google and it's working!!!!!!!!!!!!  If there is anything else that I have to do please let me know.  Once again thanks for your patience and dedication.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22632
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #10 on: October 08, 2011, 06:00:34 PM »
Are you still getting the message about c:\Windows\system32\GfxUI.exe ? We do have some cleanup to do if all is well.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Veritas81

  • Bronze Member
  • Posts: 9
Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #11 on: October 13, 2011, 08:42:45 AM »
Hi Hoov! I hope you're doing ok.

Not any more, although what I am getting is a message that Dell-backup stopped working.  Let me know what kind of cleanup I still have to do.

Thank you!!

Veritas81


Offline Hoov

Re: [In Progress] Google redirecting links-can't turn on my firewall
« Reply #12 on: October 13, 2011, 09:19:45 AM »
If you would like to look at that remaining problem, can you tell me the exact error message? Also if you want to look at it, hold off on following the instructions below until we get it fixed.


Run OTC
Download OTC to your desktop and run it
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Cleaning out Temporary Files etc.
There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, CCleaner. Also, sometimes other programs do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
For Vista use these instructions, Windows Vista Restore Guide
For XP use these instructions, Windows XP System Restore Guide
Reboot
Re-enable system restore with instructions from tutorial above
Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
It is also worth trying Thunderbird for controlling spam in your e-mail.

Always use an UPDATED anti-virus program
Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
 
Learn how to use your firewall
Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


MOST IMPORTANT: Windows and IE, and whatever other software you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software
Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software
Check with Rogue/Suspect Spyware List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.
