Multiple Problems I Can't Fix. Please Help

Here's my list of recent problems that I believe are being caused by some kind of malware that I can't find and then I'll post my logs:

1. A couple weeks ago something uninstalled my McAfee Total Protection and installed Microsoft Security Essentials without my knowledge. I'm not sure how or when, but when I tried to manually uninstall Microsoft Security Essentials and reinstall McAfee Total Protection I constantly get the following error: "We're having trouble installing your McAfee software. Please make sure you have JavaScript installed on your PC." I've uninstalled and reinstalled JavaScript and am still getting the same error, so I had to go back to a trial version of Norton AV that installed without any problems.

2. I have also been trying to install an Autodesk program and keep getting the following error: "Error 2738. Could not access VBScript run time for custom action." I've searched a dozen places and followed these recommendations blogs.msdn.com/b/heaths/archive/2007/05/31/windows-installer-errors-2738-and-2739-with-script-custom-actions.aspx?PageIndex=1#comments with absolutely no change in the symptoms.

3. I have UAC disabled because I can't stand to get all the pop-ups. When I re-enable UAC and re-start my computer I get to the log in screen, type my info and try to log in it says "Welcome" for a few seconds then "Logging Off" and back to the log in screen. I have to re-start in safe mode to disable UAC and then it logs in properly.

4. Last week I sent an email to several people with a spreadsheet attached and one of the recipients replied to tell me their McAfee VirusScan had detected a potential threat and quarantined my email. I downloaded the most recent Malwarebytes, SuperAntiSpyware, and McAfee Stinger (in addition to several other stand-alone free scanners) and ran FULL SCANS. McAfee Stinger was the only program to find and remove anything, which was some kind of Fake AV Trojan (Windows Automatic Updates restarted my computer before I was able to save the log to a file). I have run the same programs several times since then and have not found any other viruses or trojans or anything, but I am still having the problems as listed in #1, 2, & 3.

Now for my logs:

***********************************************************************************************

***********************************************************************************************

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by BHaynes at 12:21:39 on 2011-06-29

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe

C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\mobsync.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\msiexec.exe

C:\Users\BHaynes\Desktop\dds.scr

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Autodesk DWF: {f03966d3-8ea0-47b4-bbe0-85bfe6cbc8ac} - c:\program files\autodesk\autodesk dwf writer\dwf addin\DWFIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all by FlashGet3 - c:\users\bhaynes\appdata\roaming\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\bhaynes\appdata\roaming\flashgetbho\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://wal-mart-us.evocoworkspace.com/Public/ClientComponents/saxfile.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.1.1

TCP: Interfaces\{6FE546A5-90C1-41C5-843F-D49BC102FEC6} : DhcpNameServer = 10.0.1.1

Hosts: 192.168.111.9 dvsatl-sbs

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\bhaynes\appdata\roaming\mozilla\firefox\profiles\tpgzcbt7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - component: c:\program files\mozilla firefox\distribution\bundles\{d19ca586-dd6c-4a0a-96f8-14644f340d60}\components\scriptff.dll

FF - component: c:\users\bhaynes\appdata\roaming\mozilla\firefox\profiles\tpgzcbt7.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll

FF - component: c:\users\bhaynes\appdata\roaming\mozilla\firefox\profiles\tpgzcbt7.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbreader.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npfreedwg.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\users\bhaynes\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\bhaynes\appdata\roaming\mozilla\firefox\profiles\tpgzcbt7.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? Evscvdem;Evscvdem

R? gupdate1c9ff1c38d17e02;Google Update Service (gupdate1c9ff1c38d17e02)

R? gupdatem;Google Update Service (gupdatem)

R? LMIRfsClientNP;LMIRfsClientNP

R? MpKsl4e80b0e9;MpKsl4e80b0e9

R? MpKsl9c8dbe71;MpKsl9c8dbe71

R? rt70x86;RT2500 USB Wireless LAN Driver for Vista

R? SABKUTIL;SABKUTIL

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? AdobeARMservice;Adobe Acrobat Update Service

S? Akamai;Akamai NetSession Interface

S? ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor

S? b57nd60x;%SvcDispName%

S? BHDrvx86;Symantec Heuristics Driver

S? ccHP;Symantec Hash Provider

S? FontCache;Windows Font Cache Service

S? IDSVix86;IDSVix86

S? LMIRfsDriver;LogMeIn Remote File System Driver

S? Norton AntiVirus;Norton AntiVirus

S? RDPDISPM;RDPDISPM

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? SymEFA;Symantec Extended File Attributes

S? SYMNDISV;Symantec Network Filter Driver

S? wlcrasvc;Windows Live Mesh remote connections service

.

=============== Created Last 30 ================

.

2011-06-29 16:21:39 -------- d-----r- C:\Pictures

2011-06-29 16:04:19 -------- d-----w- c:\program files\ESET

2011-06-29 15:11:08 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 15:07:03 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2dc3b857-e3cd-489a-8ab8-973ca365c0b0}\mpengine.dll

2011-06-29 15:01:26 -------- d-----w- c:\users\bhaynes\appdata\local\{C928801B-7282-439F-91CD-C602BFB95565}

2011-06-29 13:31:50 -------- d-----w- c:\programdata\McAfee(119)

2011-06-27 14:16:19 -------- d-----w- c:\users\bhaynes\appdata\local\{27B7DF5E-395F-4DBD-A9F3-B8E2B70204C8}

2011-06-24 12:24:26 -------- d-----w- c:\users\bhaynes\appdata\local\{042BBBCE-9603-4A0C-AF9D-800146B6F92E}

2011-06-23 21:00:48 148520 ----a-w- c:\windows\system32\mfevtps.exe.b616.deleteme

2011-06-23 13:02:24 -------- d-----w- c:\program files\MSECache

2011-06-23 12:25:16 148520 ----a-w- c:\windows\system32\mfevtps.exe.2135.deleteme

2011-06-23 12:18:40 -------- d-----w- c:\users\bhaynes\appdata\local\{047BB013-B792-4542-B9C3-53E15001EB66}

2011-06-22 16:29:47 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-22 16:29:45 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-22 15:02:05 48688 ----a-w- c:\windows\system32\drivers\nav\1008000.029\symndisv.sys

2011-06-22 15:02:05 36400 ----a-w- c:\windows\system32\drivers\nav\1008000.029\symndis.sys

2011-06-22 15:02:05 217136 ----a-w- c:\windows\system32\drivers\nav\1008000.029\symtdi.sys

2011-06-22 15:02:04 89904 ----a-w- c:\windows\system32\drivers\nav\1008000.029\symfw.sys

2011-06-22 15:02:04 33072 ----a-w- c:\windows\system32\drivers\nav\1008000.029\symids.sys

2011-06-22 15:02:03 43696 ----a-w- c:\windows\system32\drivers\nav\1008000.029\srtspx.sys

2011-06-22 15:02:03 310320 ----a-w- c:\windows\system32\drivers\nav\1008000.029\SymEFA.sys

2011-06-22 15:02:01 308272 ----a-w- c:\windows\system32\drivers\nav\1008000.029\srtsp.sys

2011-06-22 15:02:00 259632 ----a-w- c:\windows\system32\drivers\nav\1008000.029\BHDrvx86.sys

2011-06-22 15:00:11 482432 ----a-w- c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys

2011-06-22 15:00:06 -------- d-----w- c:\windows\system32\drivers\nav\1008000.029

2011-06-22 12:44:25 -------- d-----w- c:\users\bhaynes\appdata\local\{2E7D9EAC-C4F9-4F94-A663-2F353DF41045}

2011-06-21 00:29:21 -------- d-----w- c:\users\bhaynes\appdata\local\{69B55125-64BA-40BF-B3F8-0DF8191C84D1}

2011-06-20 20:50:38 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2011-06-20 20:50:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-20 20:50:17 -------- d-----w- c:\program files\Symantec

2011-06-20 20:49:18 89776 ----a-w- c:\windows\system32\drivers\nav\1005000.086\symfw.sys

2011-06-20 20:49:18 482352 ----a-w- c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys

2011-06-20 20:49:18 43696 ----a-w- c:\windows\system32\drivers\nav\1005000.086\srtspx.sys

2011-06-20 20:49:18 39984 ----a-w- c:\windows\system32\drivers\nav\1005000.086\symndisv.sys

2011-06-20 20:49:18 37296 ----a-w- c:\windows\system32\drivers\nav\1005000.086\symndis.sys

2011-06-20 20:49:18 34736 ----a-w- c:\windows\system32\drivers\nav\1005000.086\symids.sys

2011-06-20 20:49:18 310320 ----a-w- c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys

2011-06-20 20:49:18 307760 ----a-w- c:\windows\system32\drivers\nav\1005000.086\srtsp.sys

2011-06-20 20:49:18 258608 ----a-w- c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys

2011-06-20 20:49:18 217392 ----a-w- c:\windows\system32\drivers\nav\1005000.086\symtdi.sys

2011-06-20 20:48:51 -------- d-----w- c:\windows\system32\drivers\nav\1005000.086

2011-06-20 20:48:51 -------- d-----w- c:\windows\system32\drivers\NAV

2011-06-20 20:48:48 -------- d-----w- c:\programdata\Symantec

2011-06-20 20:48:48 -------- d-----w- c:\program files\Norton AntiVirus

2011-06-20 20:48:17 -------- d-----w- c:\programdata\NortonInstaller

2011-06-20 20:48:17 -------- d-----w- c:\program files\NortonInstaller

2011-06-20 20:42:46 -------- d-----w- c:\users\bhaynes\appdata\roaming\SUPERAntiSpyware.com

2011-06-20 20:42:05 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-20 19:15:04 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-06-20 19:10:14 -------- d-----r- C:\Documents

2011-06-20 18:22:11 -------- d-----w- C:\Autodesk

2011-06-20 12:28:50 -------- d-----w- c:\users\bhaynes\appdata\local\{87779FF1-09B6-4C4D-AB02-61D7F4831F7C}

2011-06-16 16:38:38 -------- d-----w- c:\users\bhaynes\appdata\local\{60AE4CBE-9390-4533-A824-FCB84A450E34}

2011-06-16 16:13:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-16 16:13:13 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll

2011-06-16 16:13:12 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-16 16:07:30 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-06-16 14:00:26 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 14:00:24 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 14:00:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 14:00:12 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 13:59:56 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 13:59:53 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 13:59:53 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 13:59:53 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 13:59:45 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-13 12:04:20 -------- d-----w- c:\users\bhaynes\appdata\local\{2D7C6105-E01C-4E2D-99EB-EBB2F123DA1A}

2011-06-08 13:20:56 179720 ----a-w- c:\programdata\microsoft\windows\start menu\programs\winrar\Rar.exe

2011-06-08 13:20:56 116740 ----a-w- c:\programdata\microsoft\windows\start menu\programs\winrar\UnRAR.exe

2011-06-08 12:06:49 -------- d-----w- c:\users\bhaynes\appdata\local\{DEC88451-B385-4B99-89A4-FBA9F415055A}

2011-06-06 16:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-06-06 12:39:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-06 12:38:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-06 12:38:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-06 11:59:32 -------- d-----w- c:\users\bhaynes\appdata\local\{210802AB-CFBE-4F18-AE6F-9DF4DC5FACF6}

2011-06-02 21:16:31 -------- d-----w- c:\program files\Tim Heuer

2011-06-02 14:50:33 -------- d-----w- c:\users\bhaynes\appdata\local\{FFFE4FA2-2646-42CD-8BC2-AA120807743B}

.

==================== Find3M ====================

.

2011-06-20 20:07:51 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-20 20:06:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-06 13:14:24 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

.

============= FINISH: 12:24:55.24 ===============

***********************************************************************************************

***********************************************************************************************

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6977

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

6/29/2011 2:05:29 PM

mbam-log-2011-06-29 (14-05-29).txt

Scan type: Quick scan

Objects scanned: 191405

Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I thank you in advance for your time :D

Attach.zip

Hello ChatterBox2 and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

After running these programs I was able to successfully install my Autodesk program (#2 from original post), but I am still unable to install McAfee and I still have the UAC log-in problems (#1 and #3 from original post).

Below are the logs from the programs:

2011/07/05 09:25:49.0968 2676 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/05 09:25:50.0514 2676 ================================================================================

2011/07/05 09:25:50.0514 2676 SystemInfo:

2011/07/05 09:25:50.0514 2676

2011/07/05 09:25:50.0514 2676 OS Version: 6.0.6002 ServicePack: 2.0

2011/07/05 09:25:50.0514 2676 Product type: Workstation

2011/07/05 09:25:50.0514 2676 ComputerName: PC23

2011/07/05 09:25:50.0530 2676 UserName: BHaynes

2011/07/05 09:25:50.0530 2676 Windows directory: C:\Windows

2011/07/05 09:25:50.0530 2676 System windows directory: C:\Windows

2011/07/05 09:25:50.0530 2676 Processor architecture: Intel x86

2011/07/05 09:25:50.0530 2676 Number of processors: 2

2011/07/05 09:25:50.0530 2676 Page size: 0x1000

2011/07/05 09:25:50.0530 2676 Boot type: Normal boot

2011/07/05 09:25:50.0530 2676 ================================================================================

2011/07/05 09:25:51.0076 2676 Initialize success

2011/07/05 09:25:54.0992 2288 ================================================================================

2011/07/05 09:25:54.0992 2288 Scan started

2011/07/05 09:25:54.0992 2288 Mode: Manual;

2011/07/05 09:25:54.0992 2288 ================================================================================


2011/07/05 09:26:02.0339 2288 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/07/05 09:26:02.0386 2288 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/05 09:26:02.0448 2288 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/07/05 09:26:02.0542 2288 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/05 09:26:02.0573 2288 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/07/05 09:26:02.0792 2288 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/07/05 09:26:02.0870 2288 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/07/05 09:26:02.0916 2288 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/07/05 09:26:02.0963 2288 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/07/05 09:26:03.0010 2288 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/07/05 09:26:03.0057 2288 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/07/05 09:26:03.0119 2288 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/07/05 09:26:03.0197 2288 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/07/05 09:26:03.0275 2288 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/07/05 09:26:03.0540 2288 IDSVix86 (c15fcea5c150314489698b2571a5190d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110623.002\IDSvix86.sys

2011/07/05 09:26:03.0743 2288 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/07/05 09:26:03.0852 2288 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/07/05 09:26:03.0899 2288 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/05 09:26:04.0024 2288 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/05 09:26:04.0118 2288 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/07/05 09:26:04.0164 2288 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/07/05 09:26:04.0242 2288 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/07/05 09:26:04.0289 2288 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

2011/07/05 09:26:04.0352 2288 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/07/05 09:26:04.0570 2288 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/07/05 09:26:04.0632 2288 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/07/05 09:26:04.0679 2288 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/07/05 09:26:04.0710 2288 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/07/05 09:26:04.0820 2288 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/05 09:26:04.0929 2288 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/07/05 09:26:04.0976 2288 LHidKe (af5f5a417d4d63ec5b185f68d116c7f5) C:\Windows\system32\DRIVERS\LHidKE.Sys

2011/07/05 09:26:05.0022 2288 LHidUsbK (5b01270a6c8fd096003fda63241bb993) C:\Windows\system32\Drivers\LHidUsbK.Sys

2011/07/05 09:26:05.0069 2288 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/05 09:26:05.0147 2288 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys

2011/07/05 09:26:05.0256 2288 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys

2011/07/05 09:26:05.0288 2288 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/07/05 09:26:05.0444 2288 LMouKE (48791430fc819197fca82830a357a183) C:\Windows\system32\DRIVERS\LMouKE.Sys

2011/07/05 09:26:05.0506 2288 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/07/05 09:26:05.0584 2288 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/07/05 09:26:05.0631 2288 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/07/05 09:26:05.0849 2288 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/07/05 09:26:05.0943 2288 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\Windows\system32\Drivers\LUsbFilt.Sys

2011/07/05 09:26:06.0005 2288 LUsbKbd (34e994cb4d18799d39b563a84b438bc7) C:\Windows\system32\Drivers\LUsbKbd.Sys

2011/07/05 09:26:06.0052 2288 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/07/05 09:26:06.0161 2288 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/07/05 09:26:06.0224 2288 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/05 09:26:06.0286 2288 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/07/05 09:26:06.0473 2288 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/05 09:26:06.0536 2288 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/07/05 09:26:06.0582 2288 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/07/05 09:26:06.0801 2288 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/05 09:26:07.0082 2288 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/07/05 09:26:07.0191 2288 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/07/05 09:26:07.0238 2288 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/05 09:26:07.0269 2288 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/05 09:26:07.0300 2288 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/05 09:26:07.0331 2288 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys

2011/07/05 09:26:07.0362 2288 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/07/05 09:26:07.0534 2288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/07/05 09:26:07.0628 2288 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/07/05 09:26:07.0721 2288 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/05 09:26:07.0768 2288 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/05 09:26:07.0784 2288 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/07/05 09:26:07.0830 2288 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/07/05 09:26:07.0924 2288 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/07/05 09:26:08.0049 2288 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/07/05 09:26:08.0127 2288 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/07/05 09:26:08.0205 2288 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/05 09:26:08.0517 2288 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/07/05 09:26:08.0688 2288 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/05 09:26:08.0751 2288 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/05 09:26:08.0813 2288 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/05 09:26:09.0125 2288 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/07/05 09:26:09.0219 2288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/05 09:26:09.0297 2288 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/05 09:26:09.0593 2288 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/07/05 09:26:09.0671 2288 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/07/05 09:26:09.0858 2288 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/05 09:26:10.0233 2288 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/07/05 09:26:10.0311 2288 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/07/05 09:26:10.0373 2288 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/07/05 09:26:10.0420 2288 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/07/05 09:26:10.0467 2288 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/07/05 09:26:10.0514 2288 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

2011/07/05 09:26:10.0716 2288 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2011/07/05 09:26:10.0872 2288 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

2011/07/05 09:26:10.0919 2288 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/07/05 09:26:10.0982 2288 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

2011/07/05 09:26:11.0044 2288 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/07/05 09:26:11.0060 2288 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\DRIVERS\pciide.sys

2011/07/05 09:26:11.0106 2288 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/07/05 09:26:11.0184 2288 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/07/05 09:26:11.0340 2288 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/05 09:26:11.0387 2288 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/07/05 09:26:11.0450 2288 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/05 09:26:11.0496 2288 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys

2011/07/05 09:26:11.0574 2288 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/07/05 09:26:11.0637 2288 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/07/05 09:26:11.0699 2288 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/05 09:26:11.0793 2288 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/07/05 09:26:11.0933 2288 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/05 09:26:11.0980 2288 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/05 09:26:12.0042 2288 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/05 09:26:12.0089 2288 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/05 09:26:12.0136 2288 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/05 09:26:12.0167 2288 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/05 09:26:12.0214 2288 RDPDISPM (3a3a4c256b91276210d3a2faf019313d) C:\Windows\system32\DRIVERS\rdpdispm.sys

2011/07/05 09:26:12.0354 2288 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

2011/07/05 09:26:12.0417 2288 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/05 09:26:12.0479 2288 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/07/05 09:26:12.0557 2288 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/05 09:26:12.0604 2288 rt70x86 (5a54d765d6092b23d47ad9dbf7f6d7e4) C:\Windows\system32\DRIVERS\netr70.sys

2011/07/05 09:26:12.0791 2288 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/07/05 09:26:12.0807 2288 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/07/05 09:26:13.0056 2288 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/07/05 09:26:13.0150 2288 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/07/05 09:26:13.0228 2288 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/05 09:26:13.0290 2288 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2011/07/05 09:26:13.0353 2288 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/07/05 09:26:13.0431 2288 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

2011/07/05 09:26:13.0493 2288 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/05 09:26:13.0540 2288 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/05 09:26:13.0587 2288 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/07/05 09:26:13.0618 2288 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

2011/07/05 09:26:13.0649 2288 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/07/05 09:26:13.0680 2288 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/07/05 09:26:13.0743 2288 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/07/05 09:26:13.0883 2288 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/07/05 09:26:14.0008 2288 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/07/05 09:26:14.0164 2288 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS

2011/07/05 09:26:14.0273 2288 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS

2011/07/05 09:26:14.0351 2288 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/07/05 09:26:14.0445 2288 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/05 09:26:14.0507 2288 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/05 09:26:14.0570 2288 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/07/05 09:26:14.0694 2288 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/05 09:26:14.0819 2288 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/07/05 09:26:14.0928 2288 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS

2011/07/05 09:26:15.0022 2288 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows\system32\Drivers\SYMEVENT.SYS

2011/07/05 09:26:15.0396 2288 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS

2011/07/05 09:26:15.0521 2288 SymIM (34f1c9d5dcc19df1e824d6b73767b8af) C:\Windows\system32\DRIVERS\SymIMv.sys

2011/07/05 09:26:15.0740 2288 SYMNDISV (dcbf73da96cce94933c8cc6eded3c98b) C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS

2011/07/05 09:26:16.0098 2288 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS

2011/07/05 09:26:16.0301 2288 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/07/05 09:26:16.0348 2288 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/07/05 09:26:16.0426 2288 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys

2011/07/05 09:26:16.0676 2288 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/05 09:26:16.0785 2288 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/05 09:26:16.0863 2288 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/07/05 09:26:16.0925 2288 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/07/05 09:26:16.0972 2288 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/05 09:26:16.0988 2288 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/05 09:26:17.0128 2288 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/05 09:26:17.0268 2288 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/07/05 09:26:17.0300 2288 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/05 09:26:17.0346 2288 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/07/05 09:26:17.0409 2288 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/05 09:26:17.0487 2288 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/05 09:26:17.0518 2288 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/07/05 09:26:17.0549 2288 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/07/05 09:26:17.0596 2288 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/07/05 09:26:17.0674 2288 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/05 09:26:17.0736 2288 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/07/05 09:26:17.0846 2288 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys

2011/07/05 09:26:18.0017 2288 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/05 09:26:18.0064 2288 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/07/05 09:26:18.0126 2288 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/05 09:26:18.0158 2288 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/05 09:26:18.0189 2288 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/07/05 09:26:18.0267 2288 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/05 09:26:18.0314 2288 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/05 09:26:18.0423 2288 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/05 09:26:18.0579 2288 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/05 09:26:18.0626 2288 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/07/05 09:26:18.0688 2288 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

2011/07/05 09:26:18.0719 2288 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/07/05 09:26:18.0860 2288 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys

2011/07/05 09:26:18.0906 2288 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/07/05 09:26:18.0953 2288 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/07/05 09:26:19.0047 2288 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/07/05 09:26:19.0078 2288 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/07/05 09:26:19.0125 2288 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/07/05 09:26:19.0187 2288 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/05 09:26:19.0218 2288 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/05 09:26:19.0390 2288 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/07/05 09:26:19.0468 2288 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/05 09:26:19.0640 2288 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/05 09:26:19.0796 2288 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/07/05 09:26:19.0936 2288 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/05 09:26:19.0998 2288 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/05 09:26:20.0061 2288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/07/05 09:26:20.0092 2288 Boot (0x1200) (5f2c961260384bddedf756602f70d454) \Device\Harddisk0\DR0\Partition0

2011/07/05 09:26:20.0092 2288 Boot (0x1200) (5416561bf2535460bd001f86efb9c504) \Device\Harddisk0\DR0\Partition1

2011/07/05 09:26:20.0108 2288 ================================================================================

2011/07/05 09:26:20.0108 2288 Scan finished

2011/07/05 09:26:20.0108 2288 ================================================================================

2011/07/05 09:26:20.0123 3792 Detected object count: 0

2011/07/05 09:26:20.0123 3792 Actual detected object count: 0

ComboFix 11-07-05.02 - BHaynes 07/05/2011 9:34.2.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.989 [GMT -4:00]

Running from: c:\users\BHaynes\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\_Setup.dll

c:\programdata\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.dat

c:\programdata\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.exe

c:\programdata\Tarma Installer\{991B1E79-12B6-40C3-A081-1FC47C6F2F37}\Setup.ico

.

.

((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))

.

.

2011-07-05 13:44 . 2011-07-05 13:45 -------- d-----w- c:\users\bhaynes\AppData\Local\temp

2011-07-05 13:44 . 2011-07-05 13:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-05 13:44 . 2011-07-05 13:44 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-05 13:44 . 2011-07-05 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-05 13:44 . 2011-07-05 13:44 -------- d-----w- c:\users\administrator\AppData\Local\temp

2011-07-05 13:44 . 2011-07-05 13:44 -------- d-----w- c:\users\Administrator.PC23\AppData\Local\temp

2011-07-05 13:24 . 2011-07-05 13:24 -------- d-----w- c:\users\bhaynes\AppData\Local\{B342A4E1-F0F5-4C6E-AE19-36C5D3018C64}

2011-07-05 12:33 . 2011-07-05 12:33 -------- d-----w- c:\users\bhaynes\AppData\Local\{C867F406-F31E-4B06-9C4B-666A517A0B49}

2011-06-29 19:43 . 2011-06-29 19:43 -------- d-----w- C:\zbhaynes

2011-06-29 18:31 . 2011-06-29 18:31 -------- d-----w- c:\users\bhaynes\AppData\Roaming\Avira

2011-06-29 18:24 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-29 18:24 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-29 18:24 . 2011-06-29 18:24 -------- d-----w- c:\programdata\Avira

2011-06-29 18:24 . 2011-06-29 18:24 -------- d-----w- c:\program files\Avira

2011-06-29 16:21 . 2011-06-29 16:21 -------- d-----r- C:\Pictures

2011-06-29 15:11 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 15:07 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DC3B857-E3CD-489A-8AB8-973CA365C0B0}\mpengine.dll

2011-06-29 15:01 . 2011-06-29 15:01 -------- d-----w- c:\users\bhaynes\AppData\Local\{C928801B-7282-439F-91CD-C602BFB95565}

2011-06-29 13:31 . 2011-06-29 13:32 -------- d-----w- c:\programdata\McAfee(119)

2011-06-27 14:16 . 2011-06-29 02:16 -------- d-----w- c:\users\bhaynes\AppData\Local\{27B7DF5E-395F-4DBD-A9F3-B8E2B70204C8}

2011-06-24 12:24 . 2011-06-25 00:24 -------- d-----w- c:\users\bhaynes\AppData\Local\{042BBBCE-9603-4A0C-AF9D-800146B6F92E}

2011-06-23 21:00 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe.b616.deleteme

2011-06-23 13:02 . 2011-06-23 14:21 -------- d-----w- c:\program files\MSECache

2011-06-23 12:25 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe.2135.deleteme

2011-06-23 12:18 . 2011-06-23 12:18 -------- d-----w- c:\users\bhaynes\AppData\Local\{047BB013-B792-4542-B9C3-53E15001EB66}

2011-06-22 16:29 . 2011-06-22 16:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 16:29 . 2011-06-22 16:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-22 12:44 . 2011-06-22 12:44 -------- d-----w- c:\users\bhaynes\AppData\Local\{2E7D9EAC-C4F9-4F94-A663-2F353DF41045}

2011-06-21 00:29 . 2011-06-22 00:29 -------- d-----w- c:\users\bhaynes\AppData\Local\{69B55125-64BA-40BF-B3F8-0DF8191C84D1}

2011-06-20 20:50 . 2010-01-20 20:35 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2011-06-20 20:50 . 2011-06-22 15:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-20 20:50 . 2011-06-29 14:56 -------- d-----w- c:\program files\Symantec

2011-06-20 20:48 . 2011-06-29 14:56 -------- d-----w- c:\windows\system32\drivers\NAV

2011-06-20 20:48 . 2011-06-29 14:56 -------- d-----w- c:\program files\Norton AntiVirus

2011-06-20 20:48 . 2011-06-29 14:12 -------- d-----w- c:\programdata\Symantec

2011-06-20 20:48 . 2011-06-29 14:56 -------- d-----w- c:\program files\NortonInstaller

2011-06-20 20:48 . 2011-06-29 14:09 -------- d-----w- c:\programdata\NortonInstaller

2011-06-20 20:42 . 2011-06-20 20:42 -------- d-----w- c:\users\bhaynes\AppData\Roaming\SUPERAntiSpyware.com

2011-06-20 20:42 . 2011-06-20 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-20 20:08 . 2011-06-20 20:08 -------- d-----w- c:\program files\Common Files\Java

2011-06-20 19:15 . 2007-03-23 08:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-06-20 19:10 . 2011-06-30 14:13 -------- d-----r- C:\Documents

2011-06-20 18:22 . 2011-06-20 18:22 -------- d-----w- C:\Autodesk

2011-06-20 12:28 . 2011-06-20 12:28 -------- d-----w- c:\users\bhaynes\AppData\Local\{87779FF1-09B6-4C4D-AB02-61D7F4831F7C}

2011-06-16 16:38 . 2011-06-18 04:38 -------- d-----w- c:\users\bhaynes\AppData\Local\{60AE4CBE-9390-4533-A824-FCB84A450E34}

2011-06-16 16:13 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-16 16:13 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-06-16 16:13 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-16 16:07 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-16 14:00 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 14:00 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 14:00 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 14:00 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 13:59 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 13:59 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 13:59 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 13:59 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 13:59 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-13 12:04 . 2011-06-16 00:06 -------- d-----w- c:\users\bhaynes\AppData\Local\{2D7C6105-E01C-4E2D-99EB-EBB2F123DA1A}

2011-06-08 13:20 . 2011-05-28 08:01 179720 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\Rar.exe

2011-06-08 13:20 . 2011-05-28 08:01 116740 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\UnRAR.exe

2011-06-08 12:06 . 2011-06-11 12:07 -------- d-----w- c:\users\bhaynes\AppData\Local\{DEC88451-B385-4B99-89A4-FBA9F415055A}

2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-06-06 14:39 . 2011-06-06 14:39 -------- d-----w- c:\program files\Java

2011-06-06 12:39 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-06 12:38 . 2011-06-06 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-06 12:38 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-06 11:59 . 2011-06-06 11:59 -------- d-----w- c:\users\bhaynes\AppData\Local\{210802AB-CFBE-4F18-AE6F-9DF4DC5FACF6}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-20 20:07 . 2010-06-04 12:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-20 20:06 . 2011-05-06 13:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2010-06-07 11:17 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-06 13:16 . 2011-05-06 13:16 53248 ----a-r- c:\users\bhaynes\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-05-06 13:14 . 2010-06-04 12:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-05-06 12:49 . 2011-05-06 12:49 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-06 12:49 . 2011-05-06 12:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-06 12:49 . 2011-05-06 12:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-06 12:49 . 2011-05-06 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-06 12:49 . 2011-05-06 12:49 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-06 12:49 . 2011-05-06 12:49 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-06 12:49 . 2011-05-06 12:49 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-06 12:49 . 2011-05-06 12:49 367104 ----a-w- c:\windows\system32\html.iec

2011-05-06 12:49 . 2011-05-06 12:49 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-06 12:49 . 2011-05-06 12:49 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-06 12:49 . 2011-05-06 12:49 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-06 12:49 . 2011-05-06 12:49 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-06 12:49 . 2011-05-06 12:49 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-06 12:49 . 2011-05-06 12:49 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-06 12:49 . 2011-05-06 12:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-06 12:49 . 2011-05-06 12:49 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-06 12:49 . 2011-05-06 12:49 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-06 12:49 . 2011-05-06 12:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-06 12:49 . 2011-05-06 12:49 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-06 11:23 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-22 16:29 . 2011-05-09 11:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-23 1448800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-10 1097728]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

.

c:\users\BHaynes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\BHaynes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]

2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

R1 MpKsl4e80b0e9;MpKsl4e80b0e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{787E9FFD-A21F-4E7D-BC3D-3DB956C1BDC3}\MpKsl4e80b0e9.sys [x]

R1 MpKsl9c8dbe71;MpKsl9c8dbe71;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3FE24DA-75DC-4A50-B451-61AC3872A690}\MpKsl9c8dbe71.sys [x]

R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9ff1c38d17e02;Google Update Service (gupdate1c9ff1c38d17e02);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

R3 rt70x86;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 Evscvdem;Evscvdem; [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-04 691696]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS [2010-01-20 310320]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2010-01-20 259632]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2011-06-22 482432]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110623.002\IDSvix86.sys [2011-06-11 367736]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-12 79432]

S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]

S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [2010-01-20 48688]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 97707018

*Deregistered* - 97707018

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 16:01]

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 16:01]

.

2011-07-05 c:\windows\Tasks\User_Feed_Synchronization-{307FBE63-78DE-48AE-B5DB-EA1D4CA11559}.job

- c:\windows\system32\msfeedssync.exe [2011-05-06 12:49]

.

2011-07-05 c:\windows\Tasks\User_Feed_Synchronization-{D4259123-4C23-4764-9D12-AA51E09F4AC4}.job

- c:\windows\system32\msfeedssync.exe [2011-05-06 12:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all by FlashGet3 - c:\users\BHaynes\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\BHaynes\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 10.0.1.1

FF - ProfilePath - c:\users\BHaynes\AppData\Roaming\Mozilla\Firefox\Profiles\tpgzcbt7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{991B1E79-12B6-40C3-A081-1FC47C6F2F37} - c:\progra~2\TARMAI~1\{991B1~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-05 09:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

Completion time: 2011-07-05 09:53:07

ComboFix-quarantined-files.txt 2011-07-05 13:53

ComboFix2.txt 2010-06-04 17:06

.

Pre-Run: 14,020,530,176 bytes free

Post-Run: 16,952,725,504 bytes free

.

- - End Of File - - 0B418E1FD2F7896B782CD217CF3CD3E0

Results of screen317's Security Check version 0.99.17

Windows Vista Service Pack 2 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

Norton AntiVirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 26

Adobe Flash Player 10.3.181.26

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````


Glad to hear the computer is running better! :D

but I am still unable to install McAfee

Please hold off on reinstalling McAfee. I'll let you know when it's safest to do so ;).

We still have a little more cleanup to do.

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

97707018

File::

C:\Windows\System32\Drivers\97707018.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

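The check below is an added example, not part of the helper's post or of ComboFix: it parses the driver/service lines of the log posted above and confirms that every `Driver::` and `File::` target in the CFScript is backed by an entry in the log's "Other Services/Drivers In Memory" section. The function names are hypothetical, and reading `[x]` as "image file not found" is an assumption about the log format.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows path rules on any OS

# Excerpt of lines from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]
R4 Evscvdem;Evscvdem; [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-04 691696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97707018
*Deregistered* - 97707018
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"""

# The script from the helper's post.
SAMPLE_CFSCRIPT = r"""
KILLALL::

Driver::
97707018

File::
C:\Windows\System32\Drivers\97707018.sys
"""

# <state><start type> <name>;<display name>;<image path> [<date size> | x]
SERVICE_RE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.*?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
MEMORY_RE = re.compile(r"^\*(NewlyCreated|Deregistered)\* - (\S+)$")


def parse_log(text):
    """Return (services, in_memory) parsed from ComboFix log text."""
    services, in_memory = [], defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, _display, path, stamp = m.groups()
            services.append({"name": name, "start": int(start),
                             "path": path.strip(),
                             "file_found": stamp != "x"})  # assumption: [x] = not found
            continue
        m = MEMORY_RE.match(line)
        if m:
            in_memory[m.group(2)].add(m.group(1))
    return services, dict(in_memory)


def triage(services, in_memory):
    """List (name, reason) pairs that deserve a closer look by a reviewer."""
    registered = {s["name"].lower() for s in services}
    findings = []
    for s in services:
        if not s["path"]:
            findings.append((s["name"], "no image path"))
        elif not s["file_found"]:
            findings.append((s["name"], "image file missing"))
    for name, events in sorted(in_memory.items()):
        if name.lower() not in registered:
            findings.append((name, "in memory (%s) but not in the service list"
                             % "/".join(sorted(events))))
    return findings


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]}; directives end in '::'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_script(sections, in_memory):
    """Return problems where the script targets something the log does not support."""
    problems = []
    seen = {name.lower() for name in in_memory}
    drivers = {d.lower() for d in sections.get("Driver", [])}
    for d in sections.get("Driver", []):
        if d.lower() not in seen:
            problems.append("Driver:: %s is not in the log's in-memory list" % d)
    for f in sections.get("File", []):
        if splitext(basename(f))[0].lower() not in drivers:
            problems.append("File:: %s has no matching Driver:: entry" % f)
    return problems


if __name__ == "__main__":
    svc, mem = parse_log(SAMPLE_LOG)
    for name, reason in triage(svc, mem):
        print(name, "-", reason)
    print(check_script(parse_cfscript(SAMPLE_CFSCRIPT), mem) or "script matches log")
```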

Done. I did not try to install McAfee but the UAC problem still exists.

Here's the ComboFix log:

ComboFix 11-07-05.02 - BHaynes 07/06/2011 8:04.3.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1078 [GMT -4:00]

Running from: c:\users\BHaynes\Desktop\ComboFix.exe

Command switches used :: c:\users\BHaynes\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\97707018.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_97707018

.

.

((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))

.

.

2011-07-06 12:13 . 2011-07-06 12:17 -------- d-----w- c:\users\bhaynes\AppData\Local\temp

2011-07-06 12:13 . 2011-07-06 12:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-06 12:13 . 2011-07-06 12:13 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-06 12:13 . 2011-07-06 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-06 12:13 . 2011-07-06 12:13 -------- d-----w- c:\users\administrator\AppData\Local\temp

2011-07-06 12:13 . 2011-07-06 12:13 -------- d-----w- c:\users\Administrator.PC23\AppData\Local\temp

2011-07-06 11:56 . 2011-07-06 11:56 -------- d-----w- c:\users\bhaynes\AppData\Local\{F458550C-0021-405E-805B-2775DA9407E0}

2011-07-05 14:34 . 2011-07-05 14:34 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2012\9.0\1033\ResourceCache.dll

2011-07-05 14:17 . 2011-07-05 14:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2011-07-05 14:15 . 2011-07-05 14:15 -------- d-----w- c:\program files\Microsoft SDKs

2011-07-05 14:10 . 2011-07-05 14:34 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2011-07-05 14:05 . 2011-07-05 14:05 -------- d-----w- c:\programdata\McAfee

2011-07-05 13:24 . 2011-07-05 13:24 -------- d-----w- c:\users\bhaynes\AppData\Local\{B342A4E1-F0F5-4C6E-AE19-36C5D3018C64}

2011-07-05 12:33 . 2011-07-05 12:33 -------- d-----w- c:\users\bhaynes\AppData\Local\{C867F406-F31E-4B06-9C4B-666A517A0B49}

2011-06-29 19:43 . 2011-06-29 19:43 -------- d-----w- C:\zbhaynes

2011-06-29 18:31 . 2011-06-29 18:31 -------- d-----w- c:\users\bhaynes\AppData\Roaming\Avira

2011-06-29 18:24 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-29 18:24 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-29 18:24 . 2011-06-29 18:24 -------- d-----w- c:\programdata\Avira

2011-06-29 18:24 . 2011-06-29 18:24 -------- d-----w- c:\program files\Avira

2011-06-29 16:21 . 2011-06-29 16:21 -------- d-----r- C:\Pictures

2011-06-29 15:11 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-06-29 15:07 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2DC3B857-E3CD-489A-8AB8-973CA365C0B0}\mpengine.dll

2011-06-29 15:01 . 2011-06-29 15:01 -------- d-----w- c:\users\bhaynes\AppData\Local\{C928801B-7282-439F-91CD-C602BFB95565}

2011-06-27 14:16 . 2011-06-29 02:16 -------- d-----w- c:\users\bhaynes\AppData\Local\{27B7DF5E-395F-4DBD-A9F3-B8E2B70204C8}

2011-06-24 12:24 . 2011-06-25 00:24 -------- d-----w- c:\users\bhaynes\AppData\Local\{042BBBCE-9603-4A0C-AF9D-800146B6F92E}

2011-06-23 21:00 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe.b616.deleteme

2011-06-23 13:02 . 2011-06-23 14:21 -------- d-----w- c:\program files\MSECache

2011-06-23 12:25 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe.2135.deleteme

2011-06-23 12:18 . 2011-06-23 12:18 -------- d-----w- c:\users\bhaynes\AppData\Local\{047BB013-B792-4542-B9C3-53E15001EB66}

2011-06-22 16:29 . 2011-06-22 16:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 16:29 . 2011-06-22 16:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-22 12:44 . 2011-06-22 12:44 -------- d-----w- c:\users\bhaynes\AppData\Local\{2E7D9EAC-C4F9-4F94-A663-2F353DF41045}

2011-06-21 00:29 . 2011-06-22 00:29 -------- d-----w- c:\users\bhaynes\AppData\Local\{69B55125-64BA-40BF-B3F8-0DF8191C84D1}

2011-06-20 20:50 . 2010-01-20 20:35 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2011-06-20 20:50 . 2011-06-22 15:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-20 20:50 . 2011-06-29 14:56 -------- d-----w- c:\program files\Symantec

2011-06-20 20:48 . 2011-06-29 14:56 -------- d-----w- c:\windows\system32\drivers\NAV

2011-06-20 20:48 . 2011-06-29 14:56 -------- d-----w- c:\program files\Norton AntiVirus

2011-06-20 20:48 . 2011-06-29 14:12 -------- d-----w- c:\programdata\Symantec

2011-06-20 20:48 . 2011-06-29 14:56 -------- d-----w- c:\program files\NortonInstaller

2011-06-20 20:48 . 2011-06-29 14:09 -------- d-----w- c:\programdata\NortonInstaller

2011-06-20 20:42 . 2011-06-20 20:42 -------- d-----w- c:\users\bhaynes\AppData\Roaming\SUPERAntiSpyware.com

2011-06-20 20:42 . 2011-06-20 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-20 20:08 . 2011-06-20 20:08 -------- d-----w- c:\program files\Common Files\Java

2011-06-20 19:15 . 2007-03-23 08:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll

2011-06-20 19:10 . 2011-07-05 14:33 -------- d-----r- C:\Documents

2011-06-20 18:22 . 2011-06-20 18:22 -------- d-----w- C:\Autodesk

2011-06-20 12:28 . 2011-06-20 12:28 -------- d-----w- c:\users\bhaynes\AppData\Local\{87779FF1-09B6-4C4D-AB02-61D7F4831F7C}

2011-06-16 16:38 . 2011-06-18 04:38 -------- d-----w- c:\users\bhaynes\AppData\Local\{60AE4CBE-9390-4533-A824-FCB84A450E34}

2011-06-16 16:13 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-06-16 16:13 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2011-06-16 16:13 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-06-16 16:07 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-06-16 14:00 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 14:00 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 14:00 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 14:00 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 13:59 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 13:59 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 13:59 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 13:59 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 13:59 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-13 12:04 . 2011-06-16 00:06 -------- d-----w- c:\users\bhaynes\AppData\Local\{2D7C6105-E01C-4E2D-99EB-EBB2F123DA1A}

2011-06-08 13:20 . 2011-05-28 08:01 179720 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\Rar.exe

2011-06-08 13:20 . 2011-05-28 08:01 116740 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\UnRAR.exe

2011-06-08 12:06 . 2011-06-11 12:07 -------- d-----w- c:\users\bhaynes\AppData\Local\{DEC88451-B385-4B99-89A4-FBA9F415055A}

2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-06-06 14:39 . 2011-06-06 14:39 -------- d-----w- c:\program files\Java

2011-06-06 12:39 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-06 12:38 . 2011-06-06 12:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-06 12:38 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-20 20:07 . 2010-06-04 12:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-20 20:06 . 2011-05-06 13:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2010-06-07 11:17 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-06 13:16 . 2011-05-06 13:16 53248 ----a-r- c:\users\bhaynes\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-05-06 13:14 . 2010-06-04 12:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-05-06 12:49 . 2011-05-06 12:49 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-06 12:49 . 2011-05-06 12:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-06 12:49 . 2011-05-06 12:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-06 12:49 . 2011-05-06 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-06 12:49 . 2011-05-06 12:49 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-06 12:49 . 2011-05-06 12:49 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-06 12:49 . 2011-05-06 12:49 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-06 12:49 . 2011-05-06 12:49 367104 ----a-w- c:\windows\system32\html.iec

2011-05-06 12:49 . 2011-05-06 12:49 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-06 12:49 . 2011-05-06 12:49 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-06 12:49 . 2011-05-06 12:49 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-06 12:49 . 2011-05-06 12:49 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-06 12:49 . 2011-05-06 12:49 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-06 12:49 . 2011-05-06 12:49 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-06 12:49 . 2011-05-06 12:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-06 12:49 . 2011-05-06 12:49 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-06 12:49 . 2011-05-06 12:49 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-06 12:49 . 2011-05-06 12:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-06 12:49 . 2011-05-06 12:49 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-06 11:23 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-22 16:29 . 2011-05-09 11:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-23 1448800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-10 1097728]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

.

c:\users\BHaynes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\BHaynes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]

2010-08-09 12:47 248832 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

R1 MpKsl4e80b0e9;MpKsl4e80b0e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{787E9FFD-A21F-4E7D-BC3D-3DB956C1BDC3}\MpKsl4e80b0e9.sys [x]

R1 MpKsl9c8dbe71;MpKsl9c8dbe71;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3FE24DA-75DC-4A50-B451-61AC3872A690}\MpKsl9c8dbe71.sys [x]

R1 SABKUTIL;SABKUTIL;c:\program files\SUPERAntiSpyware\SABKUTIL.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9ff1c38d17e02;Google Update Service (gupdate1c9ff1c38d17e02);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]

R3 rt70x86;RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr70.sys [2010-04-27 306016]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 Evscvdem;Evscvdem; [x]

R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-04 691696]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS [2010-01-20 310320]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2010-01-20 259632]

S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2011-06-22 482432]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110623.002\IDSvix86.sys [2011-06-11 367736]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-12 79432]

S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]

S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [2010-01-20 48688]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 16:01]

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 16:01]

.

2011-07-06 c:\windows\Tasks\User_Feed_Synchronization-{307FBE63-78DE-48AE-B5DB-EA1D4CA11559}.job

- c:\windows\system32\msfeedssync.exe [2011-05-06 12:49]

.

2011-07-06 c:\windows\Tasks\User_Feed_Synchronization-{D4259123-4C23-4764-9D12-AA51E09F4AC4}.job

- c:\windows\system32\msfeedssync.exe [2011-05-06 12:49]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.yahoo.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all by FlashGet3 - c:\users\BHaynes\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\users\BHaynes\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 10.0.1.1

FF - ProfilePath - c:\users\BHaynes\AppData\Roaming\Mozilla\Firefox\Profiles\tpgzcbt7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-06 08:16

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5376)

c:\users\BHaynes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\program files\WinSCP\DragExt.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\windows\PEV.exe

c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

c:\program files\Windows Live\Mesh\MOE.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Completion time: 2011-07-06 08:24:29 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-06 12:24

ComboFix2.txt 2011-07-05 13:53

ComboFix3.txt 2010-06-04 17:06

.

Pre-Run: 17,900,544,000 bytes free

Post-Run: 17,744,703,488 bytes free

.

- - End Of File - - 7A1012CA4A3E3E350A41866F58C6A156

Link to post
Share on other sites

Let's try this ;):

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.

Link to post
Share on other sites

These items found were in a backup of an old Outlook account from two years ago:

Autoscan: completed 15162 days ago (events: 11, objects: 3251853, time: 09:02:46)

7/6/2011 2:43:28 PM Detected: Trojan-Spy.HTML.Fraud.gen C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:Bank of America][subject:*SPAM* New online security measures (message id: 0870941006)][Time:2009/06/19 07:45:33]/New online security measures (message id: 0870941006)/HTMLBody

7/6/2011 2:59:44 PM Deleted: Trojan-Spy.HTML.Fraud.gen C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:Bank of America][subject:*SPAM* New online security measures (message id: 0870941006)][Time:2009/06/19 07:45:33]/New online security measures (message id: 0870941006)/HTMLBody

7/6/2011 2:59:51 PM Detected: Trojan-Spy.HTML.Fraud.gen C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:Bank of America][subject:*SPAM* Security alert][Time:2009/06/19 14:30:46]/Security alert/HTMLBody

7/6/2011 2:59:52 PM Deleted: Trojan-Spy.HTML.Fraud.gen C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:Bank of America][subject:*SPAM* Security alert][Time:2009/06/19 14:30:46]/Security alert/HTMLBody

7/6/2011 2:59:52 PM Detected: Trojan-Spy.HTML.Fraud.gen C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:Bank of America][subject:*SPAM* Bank of America: urgent security notification <message id: 1464584713>][Time:2009/06/22 14:00:38]/Bank of America: urgent security notification <message id: 1464584713>/HTMLBody

7/6/2011 2:59:53 PM Deleted: Trojan-Spy.HTML.Fraud.gen C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:Bank of America][subject:*SPAM* Bank of America: urgent security notification <message id: 1464584713>][Time:2009/06/22 14:00:38]/Bank of America: urgent security notification <message id: 1464584713>/HTMLBody

7/6/2011 3:00:03 PM Detected: Trojan.Win32.Buzus.ckoi C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:invitations@hi5.com][subject:Jessica would like to be your friend on hi5!][Time:2009/10/28 09:45:51]/Invitation Card.zip/document.htm .exe

7/6/2011 3:00:25 PM Deleted: Trojan.Win32.Buzus.ckoi C:\Outlook Backup\backup.pst/Personal Folders\Top of Personal Folders\Sync Issues\Conflicts\[From:invitations@hi5.com][subject:Jessica would like to be your friend on hi5!][Time:2009/10/28 09:45:51]/Invitation Card.zip/document.htm

Link to post
Share on other sites

Let's try this ;)

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.

  • Download the Avira AntiVir Rescue System from here.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer.

At the boot option, please press the number 1 on your keyboard to select 1 Boot AntiVir Rescue System (default) and press Enter, or just wait.

You will then see the graphical interface of Rescue CD loading modules and mounting devices. The default language is German, but you can change it to English anytime by clicking on the English flag on the lower-left side of the screen.

Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.

Then please go back to Virus scanner and click Start scanneren.

The Avira AntiVir Rescue System will now

  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

Link to post
Share on other sites

Let's run some online scans:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

----------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

----------

Please include both online scan reports in your next reply, and let me know if you encounter any issues. :)

Link to post
Share on other sites

Try using this one ;)

Please scan your machine with ESET OnlineScan

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Link to post
Share on other sites

1. When I try to install McAfee Total Protection I constantly get the following error "We're having trouble installing your McAfee software. Please make sure you have JavaScript installed on your PC." I've uninstalled and reinstalled JavaScript and am still getting the same error.

2. I have UAC disabled because I can't stand to get all the pop-ups. When I re-enable UAC and re-start my computer I get to the log in screen, type my info and try to log in it says "Welcome" for a few seconds then "Logging Off" and back to the log in screen. I have to re-start in safe mode to disable UAC and then it logs in properly.

Link to post
Share on other sites

1. When I try to install McAfee Total Protection I constantly get the following error "We're having trouble installing your McAfee software. Please make sure you have JavaScript installed on your PC." I've uninstalled and reinstalled JavaScript and am still getting the same error.

Try this ;):

Click on the Start button. In the Search Box, type CMD.

Right-click and select Run as Administrator on CMD

The Windows Command Prompt (black box) will open.

In the command prompt, please type the following (in bold)

regsvr32 jscript.dll

Then, press Enter. A message should appear confirming that the process was successful.

Restart your PC. Let me know if that resolves the issue.

2. I have UAC disabled because I can't stand to get all the pop-ups. When I re-enable UAC and re-start my computer I get to the log in screen, type my info and try to log in it says "Welcome" for a few seconds then "Logging Off" and back to the log in screen. I have to re-start in safe mode to disable UAC and then it logs in properly.

Click on the Start button. In the Search Box, type CMD.

Right-click and select Run as Administrator on CMD

The Windows Command Prompt (black box) will open.

In the command prompt, please type the following (in bold)

sfc /scannow

Press Enter.

Windows will now scan for corrupted files. After that has finished, reboot the computer. Let me know if that resolves the issue ;)

Link to post
Share on other sites

Try this ;):

Click on the Start button. In the Search Box, type CMD.

Right-click and select Run as Administrator on CMD

The Windows Command Prompt (black box) will open.

In the command prompt, please type the following (in bold)

regsvr32 jscript.dll

Then, press Enter. A message should appear confirming that the process was successful.

Restart your PC. Let me know if that resolves the issue.

When I first ran into these problems I did several Google searches and found similar instructions and followed them all, but they did not work. I later found an update on the instructions that indicated that UAC had to be turned ON in order for this to work.

This is where I ran into my problem with UAC and not being able to log in after I turn it on.

I ran these steps above again and still have the same problem.

Click on the Start button. In the Search Box, type CMD.

Right-click and select Run as Administrator on CMD

The Windows Command Prompt (black box) will open.

In the command prompt, please type the following (in bold)

sfc /scannow

Press Enter.

Windows will now scan for corrupted files. After that has finished, reboot the computer. Let me know if that resolves the issue ;)

It said it found corrupted files but was not able to repair them. It put the information in the attached log.

The UAC problem still exists after running the above steps.

CBS.log

Link to post
Share on other sites
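For the `sfc /scannow` result reported above (corrupted files found but not repaired, details written to CBS.log), this added example, which is not part of the thread, pulls the `[SR]` entries out of a CBS.log and lists each file SFC could not repair. The sample lines are constructed in the CBS.log layout with placeholder file, component and package names; on the machine itself the log is at `%windir%\Logs\CBS\CBS.log`.

```python
import re

# Constructed sample in the CBS.log layout. File, component and package names
# are placeholders; nothing here comes from the CBS.log attached to the thread.
_ID = ('Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), '
       'Culture neutral, VersionScope = 1 nonSxS, '
       'PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, '
       'TypeName neutral, PublicKey neutral in the store')
_A = ('[SR] Cannot repair member file [l:24{12}]"sample_a.dll" of '
      'Example-Component-A, ' + _ID + ', hash mismatch')
_B = ('[SR] Cannot repair member file [l:24{12}]"sample_b.ini" of '
      'Example-Component-B, ' + _ID + ', file is missing')
SAMPLE_CBS_LOG = '\n'.join([
    '2011-07-07 09:10:02, Info                  CBS    Starting TrustedInstaller initialization.',
    '2011-07-07 09:11:40, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction',
    '2011-07-07 09:11:52, Info                  CSI    00000141 ' + _A,
    '2011-07-07 09:11:53, Info                  CSI    00000143 ' + _A,
    '2011-07-07 09:11:53, Info                  CSI    00000144 [SR] This component was referenced by [l:34{17}]"Example-Package-A"',
    '2011-07-07 09:12:10, Info                  CSI    00000150 ' + _B,
    '2011-07-07 09:12:30, Info                  CSI    00000160 [SR] Verify complete',
])

# "<timestamp>, <level>  CSI  <8-hex sequence> [SR] <message>"
SR_LINE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+'
                     r'[0-9a-fA-F]{8} \[SR\] (?P<msg>.*)$')
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of '
    r'(?P<component>[^,]+), Version = (?P<version>[^,]+),.* in the store, '
    r'(?P<reason>.+)$')


def sr_messages(text):
    """Yield (timestamp, message) for each System File Checker [SR] line."""
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            yield m.group('ts'), m.group('msg')


def unrepaired_files(text):
    """One record per distinct file SFC reported it could not repair.

    SFC usually logs the same failure more than once, so entries are
    de-duplicated on (file name, component) and the repeats counted.
    """
    found = {}
    for ts, msg in sr_messages(text):
        m = CANNOT_REPAIR.match(msg)
        if m is None:
            continue
        key = (m.group('file').lower(), m.group('component'))
        rec = found.setdefault(key, dict(m.groupdict(), first_seen=ts, hits=0))
        rec['hits'] += 1
    return list(found.values())


if __name__ == '__main__':
    for r in unrepaired_files(SAMPLE_CBS_LOG):
        print('{file:<14} {component:<20} {version:<16} {reason} (x{hits})'.format(**r))
```

To run it against a real log, read a copy of CBS.log into a string and pass it to `unrepaired_files`; the reason field ("hash mismatch", "file is missing") tells you whether the file is present but altered or absent altogether.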

Hi, sorry for the delay.

Let's see if we can fix the UAC problem first before moving on to the McAfee issue.

Please locate your Vista Installation DVD/CD, and read these instructions on performing a Repair Installation for Windows Vista: http://www.vistax64.com/tutorials/88236-repair-install-vista.html

NOTE: this will NOT delete any of your files. It will only locate and fix corrupted files in your Operating System.

Please let me know if that resolves the issue.

Link to post
Share on other sites

No problems with the response time at all :D I greatly appreciate your help!

Unfortunately the computer I currently use was a "gift" from my last employer when I got laid off last year so I do not have ANY of the installation CDs for any of the programs on the computer.

I assume this will be a problem :(

Link to post
Share on other sites

This topic is now closed to further replies.