July 16th, 2011 22:00

Error code 80073EFE, unable to update Windows and browser problems.

Hello, 

I am unable to update Windows, and whenever I use Google Chrome some webpages don't load or load incorrectly.

Thank you in advance for any help you can give me.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 05:10:46, on 17/07/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19019)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO:  AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO:  (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)


--

End of file - 9427 bytes


July 17th, 2011 14:00

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
Please print or save to Notepad all instructions and follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE

** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE

Please proceed as follows :-

Delete any versions of Combofix that you may have on your Desktop and download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

  • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help, please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the Gotcha.exe icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review


**** Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).


Post the log in your next reply please...

Kevin

July 17th, 2011 15:00

Thank you for your help and the quick response.

Here is the ComboFix log:

ComboFix 11-07-17.03 - Ross 17/07/2011  22:18:18.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.4055.2698 [GMT 1:00]

Running from: c:\users\Ross\Desktop\Gotcha.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2011-06-17 to 2011-07-17  )))))))))))))))))))))))))))))))

.

.

2011-07-17 21:32 . 2011-07-17 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-17 21:12 . 2011-07-17 21:14 -------- d-----w- C:\Gotcha

2011-07-17 06:35 . 2011-07-17 06:35 -------- d-----w- c:\program files\BatteryBar

2011-07-17 03:07 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D569DAA2-641A-4838-A5AD-6FFD2ACA19A3}\mpengine.dll

2011-07-17 00:32 . 2011-07-17 00:32 -------- d-----w- c:\program files (x86)\ESET

2011-07-17 00:27 . 2011-07-17 00:27 -------- d-----w- c:\program files (x86)\Trend Micro

2011-07-15 15:43 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-07-15 15:43 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\ca-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\eu-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\SysWow64\vi-VN

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\ca-ES

2011-07-15 15:13 . 2011-07-15 15:14 -------- d-----w- c:\windows\system32\eu-ES

2011-07-15 15:13 . 2011-07-15 15:13 -------- d-----w- c:\windows\system32\vi-VN

2011-07-15 14:45 . 2011-07-15 14:45 -------- d-----w- c:\windows\system32\EventProviders

2011-07-15 14:42 . 2009-04-11 07:11 796672 ----a-w- c:\windows\system32\mssvp.dll

2011-07-15 14:40 . 2009-04-11 07:11 622592 ----a-w- c:\windows\system32\WMVXENCD.DLL

2011-07-15 14:39 . 2009-04-11 06:28 247808 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-07-15 14:39 . 2009-04-11 06:28 83968 ----a-w- c:\windows\SysWow64\wbem\wmiutils.dll

2011-07-15 14:39 . 2009-04-11 06:28 30208 ----a-w- c:\windows\SysWow64\wbem\wbemprox.dll

2011-07-15 14:39 . 2009-04-11 06:28 189440 ----a-w- c:\windows\SysWow64\wbem\mofd.dll

2011-07-15 14:39 . 2009-04-11 06:28 614912 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-07-15 14:39 . 2009-04-11 06:28 265728 ----a-w- c:\windows\SysWow64\wbem\esscli.dll

2011-07-15 14:39 . 2009-04-11 07:11 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2011-07-15 14:39 . 2009-04-11 07:11 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-07-15 14:39 . 2009-04-11 07:11 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-07-15 14:39 . 2009-04-11 07:11 936448 ----a-w- c:\windows\system32\SmiEngine.dll

2011-07-15 14:38 . 2009-04-11 07:11 293888 ----a-w- c:\windows\system32\wdscore.dll

2011-07-15 14:38 . 2009-04-11 07:10 138752 ----a-w- c:\windows\system32\PkgMgr.exe

2011-07-15 14:38 . 2009-04-11 07:11 315904 ----a-w- c:\windows\system32\drvstore.dll

2011-07-15 01:50 . 2011-07-15 01:50 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-07-15 01:49 . 2011-07-15 15:35 -------- d-----w- c:\program files (x86)\Microsoft.NET

2011-07-15 01:49 . 2011-07-15 01:49 -------- d-----w- c:\windows\PCHEALTH

2011-07-15 01:46 . 2011-07-15 01:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2011-07-15 01:44 . 2011-07-15 01:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2011-07-15 01:43 . 2011-07-15 01:43 -------- d-----r- C:\MSOCache

2011-07-14 22:03 . 2011-07-14 22:05 -------- d-----w- c:\program files (x86)\Auslogics

2011-07-14 21:39 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-14 21:39 . 2011-07-14 21:39 -------- d-----w- c:\programdata\Malwarebytes

2011-07-14 21:39 . 2011-07-14 21:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-07-14 21:39 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-14 05:23 . 2011-07-14 05:24 -------- d-----w- c:\program files (x86)\PowerISO

2011-07-14 05:23 . 2011-06-15 08:30 93240 ----a-w- c:\windows\system32\drivers\scdemu.sys

2011-07-13 22:04 . 2011-07-13 23:21 -------- d-----w- c:\program files (x86)\JDownloader

2011-07-13 21:37 . 2011-07-13 21:37 -------- d-----w- c:\program files (x86)\PC SleepTimer

2011-07-13 21:35 . 2011-06-07 09:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-13 21:33 . 2009-11-03 22:07 28160 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui

2011-07-13 21:33 . 2009-08-24 11:47 442368 ----a-w- c:\windows\system32\winhttp.dll

2011-07-13 21:33 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll

2011-07-13 21:33 . 2010-09-06 18:28 179712 ----a-w- c:\windows\system32\srvsvc.dll

2011-07-13 21:33 . 2010-09-06 18:28 12288 ----a-w- c:\windows\system32\sscore.dll

2011-07-13 21:33 . 2010-09-06 18:27 17920 ----a-w- c:\windows\system32\netevent.dll

2011-07-13 21:33 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2011-07-13 21:33 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll

2011-07-13 19:14 . 2011-07-13 19:14 -------- d-----w- c:\program files\7-Zip

2011-07-13 19:04 . 2010-02-24 09:28 294912 ----a-w- c:\windows\system32\browserchoice.exe

2011-07-13 19:01 . 2010-02-20 23:15 32768 ----a-w- c:\windows\system32\nshhttp.dll

2011-07-13 19:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll

2011-07-13 19:00 . 2010-02-20 21:30 620032 ----a-w- c:\windows\system32\drivers\http.sys

2011-07-13 19:00 . 2010-02-20 23:14 33792 ----a-w- c:\windows\system32\httpapi.dll

2011-07-13 19:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll

2011-07-13 18:53 . 2009-11-08 09:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2011-07-13 18:53 . 2009-11-08 09:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2011-07-13 18:53 . 2009-11-08 09:55 48960 ----a-w- c:\windows\system32\netfxperf.dll

2011-07-13 18:53 . 2009-11-08 09:55 444752 ----a-w- c:\windows\system32\mscoree.dll

2011-07-13 18:53 . 2009-11-08 09:55 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2011-07-13 18:53 . 2009-11-08 09:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2011-07-13 18:53 . 2009-11-08 09:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2011-07-13 18:53 . 2009-11-08 09:55 1942856 ----a-w- c:\windows\system32\dfshim.dll

2011-07-13 18:53 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2011-07-13 18:53 . 2009-11-08 09:55 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-07-13 18:29 . 2011-07-13 19:52 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-07-13 18:29 . 2011-07-17 21:37 -------- d-----w- c:\program files (x86)\Steam

2011-07-13 15:32 . 2011-07-13 15:32 -------- d-----w- c:\windows\SMINST

2011-07-13 09:32 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-07-13 09:32 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

2011-07-13 09:32 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-07-13 09:32 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

2011-07-13 09:32 . 2010-05-15 15:30 453720 ------w- c:\windows\system32\drivers\vsdatant.sys

2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\program files (x86)\Zone Labs

2011-07-13 09:32 . 2011-07-13 09:32 -------- d-----w- c:\programdata\CheckPoint

2011-07-13 09:32 . 2011-07-17 21:36 -------- d-----w- c:\windows\Internet Logs

2011-07-13 09:27 . 2011-07-13 09:27 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks

2011-07-13 09:19 . 2009-08-01 06:27 201184 ----a-w- c:\windows\SysWow64\winrm.vbs

2011-07-13 09:02 . 2009-06-10 11:52 3547136 ----a-w- c:\windows\system32\mf.dll

2011-07-13 09:02 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\SysWow64\mf.dll

2011-07-13 09:00 . 2009-08-14 16:04 143360 ----a-w- c:\windows\system32\netiohlp.dll

2011-07-13 08:55 . 2010-01-25 12:08 460288 ----a-w- c:\windows\system32\msdrm.dll

2011-07-13 08:54 . 2011-02-24 16:38 991104 ----a-w- c:\windows\system32\winresume.efi

2011-07-13 08:53 . 2010-06-17 18:34 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll

2011-07-13 08:52 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll

2011-07-13 08:52 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-07-13 08:52 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

2011-07-13 08:52 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

2011-07-13 08:52 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

2011-07-13 08:52 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

2011-07-13 08:52 . 2010-08-26 17:46 189952 ----a-w- c:\windows\system32\t2embed.dll

2011-07-13 08:52 . 2010-08-26 16:37 157184 ----a-w- c:\windows\SysWow64\t2embed.dll

2011-07-13 08:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 08:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-13 08:51 . 2010-08-31 15:46 954752 ----a-w- c:\windows\SysWow64\mfc40.dll

2011-07-13 08:51 . 2010-08-31 15:46 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll

2011-07-13 08:51 . 2009-07-15 14:47 368128 ----a-w- c:\windows\system32\wmpdxm.dll

2011-07-13 08:51 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll

2011-07-13 08:51 . 2009-07-15 10:23 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-07-13 08:51 . 2009-07-15 10:23 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-07-13 08:51 . 2009-07-15 10:21 43520 ----a-w- c:\windows\SysWow64\msdxm.tlb

2011-07-13 08:51 . 2009-07-15 10:21 18432 ----a-w- c:\windows\SysWow64\amcompat.tlb

2011-07-13 08:51 . 2010-10-15 14:02 4699024 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-07-13 08:51 . 2010-10-15 13:43 1168512 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-07-13 08:51 . 2010-10-15 13:43 1585168 ----a-w- c:\windows\system32\ntdll.dll

2011-07-13 08:50 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-07-13 08:50 . 2009-09-10 15:27 372736 ----a-w- c:\windows\system32\unregmp2.exe

2011-07-13 08:50 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe

2011-07-13 08:50 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe

2011-07-13 08:47 . 2009-06-15 15:11 656896 ----a-w- c:\windows\system32\kerberos.dll

2011-07-13 08:46 . 2010-10-28 13:56 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-13 08:46 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-13 08:44 . 2009-06-10 11:53 203264 ----a-w- c:\windows\system32\wkssvc.dll

2011-07-13 08:44 . 2010-01-29 16:03 2080768 ----a-w- c:\program files\Windows Mail\msoe.dll

2011-07-13 08:44 . 2010-01-29 15:40 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll

2011-07-13 08:44 . 2010-01-21 15:05 62464 ----a-w- c:\windows\SysWow64\l3codeca.acm

2011-07-13 08:44 . 2010-01-21 15:37 72192 ----a-w- c:\windows\system32\l3codeca.acm

2011-07-13 08:44 . 2009-04-11 07:09 181760 ----a-w- c:\windows\system32\l3codecp.acm

2011-07-13 08:44 . 2009-04-11 06:27 220672 ----a-w- c:\windows\SysWow64\l3codecp.acm

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-27 14:25 . 2011-04-27 14:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BatteryBar.lnk - c:\program files\BatteryBar\BatteryBar.exe [2011-6-11 69632]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000Core.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

.

2011-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000UA.job

- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Completion time: 2011-07-17  22:44:09 - machine was rebooted

ComboFix-quarantined-files.txt  2011-07-17 21:44

.

Pre-Run: 120,928,473,088 bytes free

Post-Run: 120,855,711,744 bytes free

.

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10

- - End Of File - - 6B5FABEAF26193A3E2A096B5D20C6015

1.1K Posts

July 18th, 2011 02:00

Thanks for the log, run the following :-

 

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Let me see the log in your next reply,

 

Kevin

    20 Posts

    July 18th, 2011 02:00

    Here is the TDSSKiller Log:

    2011/07/18 09:54:39.0368 0644 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

    2011/07/18 09:54:40.0632 0644 ================================================================================

    2011/07/18 09:54:40.0632 0644 SystemInfo:

    2011/07/18 09:54:40.0632 0644

    2011/07/18 09:54:40.0632 0644 OS Version: 6.0.6002 ServicePack: 2.0

    2011/07/18 09:54:40.0632 0644 Product type: Workstation

    2011/07/18 09:54:40.0632 0644 ComputerName: ROSS-PC

    2011/07/18 09:54:40.0632 0644 UserName: Ross

    2011/07/18 09:54:40.0647 0644 Windows directory: C:\Windows

    2011/07/18 09:54:40.0647 0644 System windows directory: C:\Windows

    2011/07/18 09:54:40.0647 0644 Running under WOW64

    2011/07/18 09:54:40.0647 0644 Processor architecture: Intel x64

    2011/07/18 09:54:40.0647 0644 Number of processors: 2

    2011/07/18 09:54:40.0647 0644 Page size: 0x1000

    2011/07/18 09:54:40.0647 0644 Boot type: Normal boot

    2011/07/18 09:54:40.0647 0644 ================================================================================

    2011/07/18 09:54:41.0474 0644 Initialize success

    2011/07/18 09:54:43.0861 1404 ================================================================================

    2011/07/18 09:54:43.0861 1404 Scan started

    2011/07/18 09:54:43.0861 1404 Mode: Manual;

    2011/07/18 09:54:43.0861 1404 ================================================================================

    2011/07/18 09:54:44.0610 1404 ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

    2011/07/18 09:54:44.0766 1404 adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

    2011/07/18 09:54:45.0000 1404 adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

    2011/07/18 09:54:45.0031 1404 adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

    2011/07/18 09:54:45.0078 1404 adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

    2011/07/18 09:54:45.0546 1404 AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

    2011/07/18 09:54:45.0686 1404 agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

    2011/07/18 09:54:45.0811 1404 aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

    2011/07/18 09:54:45.0920 1404 aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys

    2011/07/18 09:54:46.0014 1404 amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

    2011/07/18 09:54:46.0107 1404 AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

    2011/07/18 09:54:46.0216 1404 ApfiltrService  (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys

    2011/07/18 09:54:46.0341 1404 arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

    2011/07/18 09:54:46.0482 1404 arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

    2011/07/18 09:54:46.0560 1404 AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

    2011/07/18 09:54:46.0669 1404 atapi           (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys

    2011/07/18 09:54:46.0794 1404 BCM42RLY        (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys

    2011/07/18 09:54:46.0950 1404 BCM43XX         (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys

    2011/07/18 09:54:47.0152 1404 blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

    2011/07/18 09:54:47.0293 1404 bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

    2011/07/18 09:54:47.0402 1404 BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

    2011/07/18 09:54:47.0433 1404 BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

    2011/07/18 09:54:47.0542 1404 Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

    2011/07/18 09:54:47.0636 1404 BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

    2011/07/18 09:54:47.0745 1404 BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

    2011/07/18 09:54:47.0886 1404 BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

    2011/07/18 09:54:47.0979 1404 BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

    2011/07/18 09:54:48.0073 1404 cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

    2011/07/18 09:54:48.0166 1404 cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

    2011/07/18 09:54:48.0307 1404 circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

    2011/07/18 09:54:48.0400 1404 CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

    2011/07/18 09:54:48.0541 1404 CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

    2011/07/18 09:54:48.0572 1404 cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

    2011/07/18 09:54:48.0681 1404 Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

    2011/07/18 09:54:48.0790 1404 crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

    2011/07/18 09:54:48.0915 1404 DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

    2011/07/18 09:54:49.0040 1404 disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

    2011/07/18 09:54:49.0212 1404 drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

    2011/07/18 09:54:49.0336 1404 DXGKrnl         (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys

    2011/07/18 09:54:49.0446 1404 e1express       (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys

    2011/07/18 09:54:49.0555 1404 E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

    2011/07/18 09:54:49.0648 1404 Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

    2011/07/18 09:54:49.0773 1404 elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

    2011/07/18 09:54:49.0867 1404 ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys

    2011/07/18 09:54:49.0992 1404 exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

    2011/07/18 09:54:50.0101 1404 fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

    2011/07/18 09:54:50.0132 1404 fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

    2011/07/18 09:54:50.0241 1404 FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

    2011/07/18 09:54:50.0319 1404 Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

    2011/07/18 09:54:50.0413 1404 flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

    2011/07/18 09:54:50.0506 1404 FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

    2011/07/18 09:54:50.0569 1404 Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

    2011/07/18 09:54:50.0662 1404 gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

    2011/07/18 09:54:50.0787 1404 HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

    2011/07/18 09:54:50.0896 1404 HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

    2011/07/18 09:54:50.0974 1404 HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

    2011/07/18 09:54:51.0068 1404 HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

    2011/07/18 09:54:51.0177 1404 HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

    2011/07/18 09:54:51.0271 1404 HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

    2011/07/18 09:54:51.0411 1404 i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

    2011/07/18 09:54:51.0505 1404 i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

    2011/07/18 09:54:51.0630 1404 iaStor          (0b6c9c8f2e00e8b61c8379e62a9f921b) C:\Windows\system32\drivers\iastor.sys

    2011/07/18 09:54:51.0723 1404 iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

    2011/07/18 09:54:52.0051 1404 igfx            (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys

    2011/07/18 09:54:52.0332 1404 iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

    2011/07/18 09:54:52.0441 1404 intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

    2011/07/18 09:54:52.0456 1404 intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

    2011/07/18 09:54:52.0566 1404 IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    2011/07/18 09:54:52.0690 1404 IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

    2011/07/18 09:54:52.0800 1404 IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

    2011/07/18 09:54:52.0893 1404 IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

    2011/07/18 09:54:53.0002 1404 isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

    2011/07/18 09:54:53.0112 1404 iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

    2011/07/18 09:54:53.0205 1404 ISWKL           (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

    2011/07/18 09:54:53.0330 1404 iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

    2011/07/18 09:54:53.0424 1404 iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

    2011/07/18 09:54:53.0517 1404 kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

    2011/07/18 09:54:53.0595 1404 kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

    2011/07/18 09:54:53.0689 1404 KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

    2011/07/18 09:54:53.0814 1404 ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

    2011/07/18 09:54:53.0923 1404 lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

    2011/07/18 09:54:54.0032 1404 LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

    2011/07/18 09:54:54.0126 1404 LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

    2011/07/18 09:54:54.0235 1404 LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

    2011/07/18 09:54:54.0313 1404 luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

    2011/07/18 09:54:54.0406 1404 megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

    2011/07/18 09:54:54.0500 1404 MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

    2011/07/18 09:54:54.0625 1404 Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

    2011/07/18 09:54:54.0734 1404 monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

    2011/07/18 09:54:54.0843 1404 mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

    2011/07/18 09:54:54.0921 1404 mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

    2011/07/18 09:54:55.0015 1404 MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

    2011/07/18 09:54:55.0093 1404 MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

    2011/07/18 09:54:55.0202 1404 mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

    2011/07/18 09:54:55.0296 1404 MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

    2011/07/18 09:54:55.0374 1404 mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

    2011/07/18 09:54:55.0467 1404 Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

    2011/07/18 09:54:55.0576 1404 MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

    2011/07/18 09:54:55.0670 1404 mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

    2011/07/18 09:54:55.0748 1404 mrxsmb10        (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    2011/07/18 09:54:55.0873 1404 mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    2011/07/18 09:54:55.0951 1404 msahci          (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys

    2011/07/18 09:54:56.0044 1404 msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

    2011/07/18 09:54:56.0154 1404 Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

    2011/07/18 09:54:56.0247 1404 msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

    2011/07/18 09:54:56.0356 1404 MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

    2011/07/18 09:54:56.0497 1404 MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

    2011/07/18 09:54:56.0606 1404 MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

    2011/07/18 09:54:56.0715 1404 MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

    2011/07/18 09:54:56.0824 1404 mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

    2011/07/18 09:54:56.0856 1404 MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

    2011/07/18 09:54:56.0965 1404 Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

    2011/07/18 09:54:57.0090 1404 NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

    2011/07/18 09:54:57.0230 1404 NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

    2011/07/18 09:54:57.0324 1404 NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

    2011/07/18 09:54:57.0402 1404 Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

    2011/07/18 09:54:57.0511 1404 NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

    2011/07/18 09:54:57.0604 1404 NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

    2011/07/18 09:54:57.0682 1404 NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

    2011/07/18 09:54:57.0792 1404 netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

    2011/07/18 09:54:57.0870 1404 nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

    2011/07/18 09:54:57.0948 1404 NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    2011/07/18 09:54:58.0072 1404 Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

    2011/07/18 09:54:58.0119 1404 nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

    2011/07/18 09:54:58.0275 1404 Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

    2011/07/18 09:54:58.0369 1404 Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

    2011/07/18 09:54:58.0462 1404 nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

    2011/07/18 09:54:58.0556 1404 nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

    2011/07/18 09:54:58.0650 1404 nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

    2011/07/18 09:54:58.0837 1404 ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

    2011/07/18 09:54:58.0993 1404 Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

    2011/07/18 09:54:59.0102 1404 partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

    2011/07/18 09:54:59.0149 1404 pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

    2011/07/18 09:54:59.0242 1404 pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

    2011/07/18 09:54:59.0336 1404 pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

    2011/07/18 09:54:59.0445 1404 PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

    2011/07/18 09:54:59.0632 1404 PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

    2011/07/18 09:54:59.0726 1404 Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

    2011/07/18 09:54:59.0882 1404 PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

    2011/07/18 09:54:59.0991 1404 PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

    2011/07/18 09:55:00.0100 1404 ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

    2011/07/18 09:55:00.0194 1404 ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

    2011/07/18 09:55:00.0288 1404 QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

    2011/07/18 09:55:00.0444 1404 R300            (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys

    2011/07/18 09:55:00.0584 1404 RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

    2011/07/18 09:55:00.0678 1404 Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

    2011/07/18 09:55:00.0724 1404 RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

    2011/07/18 09:55:00.0802 1404 RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

    2011/07/18 09:55:00.0880 1404 rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

    2011/07/18 09:55:00.0974 1404 RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

    2011/07/18 09:55:01.0114 1404 rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

    2011/07/18 09:55:01.0208 1404 RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

    2011/07/18 09:55:01.0317 1404 RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

    2011/07/18 09:55:01.0458 1404 rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

    2011/07/18 09:55:01.0536 1404 RTSTOR          (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS

    2011/07/18 09:55:01.0645 1404 sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

    2011/07/18 09:55:01.0738 1404 SCDEmu          (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys

    2011/07/18 09:55:01.0910 1404 secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    2011/07/18 09:55:02.0019 1404 Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

    2011/07/18 09:55:02.0113 1404 Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

    2011/07/18 09:55:02.0191 1404 sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

    2011/07/18 09:55:02.0331 1404 sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

    2011/07/18 09:55:02.0425 1404 sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

    2011/07/18 09:55:02.0503 1404 sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

    2011/07/18 09:55:02.0596 1404 sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

    2011/07/18 09:55:02.0706 1404 SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

    2011/07/18 09:55:02.0799 1404 SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

    2011/07/18 09:55:02.0924 1404 Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

    2011/07/18 09:55:03.0049 1404 spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

    2011/07/18 09:55:03.0158 1404 srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

    2011/07/18 09:55:03.0252 1404 srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

    2011/07/18 09:55:03.0330 1404 srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

    2011/07/18 09:55:08.0509 1404 ================================================================================

    2011/07/18 09:55:08.0509 1404 Scan finished

    2011/07/18 09:55:08.0509 1404 ================================================================================

    2011/07/18 09:55:08.0509 3992 Detected object count: 0

    2011/07/18 09:55:08.0509 3992 Actual detected object count: 0

    July 18th, 2011 03:00

    Not seeing anything really conclusive in your logs. OK, continue as follows please:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in between the dotted lines below into it:

    ---------------------------------------------------------------------------------------------------------------------------------
    KillAll::
    FixCset::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
    ---------------------------------------------------------------------------------------------------------------------------------

    Save this as CFScript.txt, and as Type: All Files (*.*), in the same location as ComboFix.exe.

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
    • Click the user posted image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the user posted image icon on your desktop.
    • Check user posted image
    • Click the user posted image button.
    • Accept any security warnings from your browser.
    • Check user posted image
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push user posted image
    • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the user posted image button.
    • Push user posted image


    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see those two logs in your next reply, and also give an update on current issues/concerns.

    Kevin

    July 18th, 2011 19:00

    I am still unable to update Windows due to error code 80073EFE. When browsing the internet, pages are not loading properly or not at all, pictures are distorted, and my system is slower than usual. Here are the logs:

    ComboFix 11-07-17.03 - Ross 18/07/2011  11:10:35.2.2 - x64

    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.4055.2669 [GMT 1:00]

    Running from: c:\users\Ross\Desktop\Gotcha.exe

    Command switches used :: c:\users\Ross\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((   Files Created from 2011-06-18 to 2011-07-18  )))))))))))))))))))))))))))))))

    .

    .

    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-04-27 14:25 . 2011-04-27 14:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    .

    .

    (((((((((((((((((((((((((((((   SnapShot@2011-07-17_21.36.35   )))))))))))))))))))))))))))))))))))))))))

    .

    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

    .

    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

    .

    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-07-13 1242448]

    "ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    .

    c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    BatteryBar.lnk - c:\program files\BatteryBar\BatteryBar.exe [2011-6-11 69632]

    .

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]

    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]

    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc

    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000Core.job

    - c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

    .

    2011-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-96148779-2948309731-3870321898-1000UA.job

    - c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 03:15]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]

    "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.2.1

    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .


    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

      00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    .

    **************************************************************************

    .

    Completion time: 2011-07-18  11:42:54 - machine was rebooted

    ComboFix-quarantined-files.txt  2011-07-18 10:42

    ComboFix2.txt  2011-07-17 21:44

    .

    Pre-Run: 113,504,993,280 bytes free

    Post-Run: 112,591,646,720 bytes free

    .

    - - End Of File - - 467779AE0787B8CAD75DCC3C32BD82F3

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner64.ocx - registred OK

    OnlineScanner.ocx - registred OK

    esets_scanner_update returned -1 esets_gle=36882

    ESETSmartInstaller@High as downloader log:

    all ok

    # version=7

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6541

    # api_version=3.0.2

    # EOSSerial=b031edb61e34f54499eb9c7a71e127d2

    # end=finished

    # remove_checked=false

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2011-07-19 01:10:07

    # local_time=2011-07-19 02:10:07 (+0000, GMT Daylight Time)

    # country="United Kingdom"

    # lang=2057

    # osver=6.0.6002 NT Service Pack 2

    # compatibility_mode=5892 16776574 100 45 110149648 148554935 0 0

    # compatibility_mode=8192 67108863 100 0 739 739 0 0

    # compatibility_mode=9217 16777214 75 70 481299 10628341 0 0

    # scanned=161809

    # found=0

    # cleaned=0

    # scan_time=6778

    1.1K Posts

    July 19th, 2011 00:00

    Download aswMBR from Here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it. Vista or Windows 7 users: right-click and select Run as Administrator.
    • Click the Scan button to start the scan as illustrated below

      user posted image


      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop.

      user posted image


    • Copy and paste the contents of aswMBR.txt back here for review
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.



    Kevin

    20 Posts

    July 19th, 2011 02:00

    How do I attach a file to a post?

    Here is the aswMBR log:

    aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software

    Run date: 2011-07-19 08:44:47

    -----------------------------

    08:44:47.448    OS Version: Windows x64 6.0.6002 Service Pack 2

    08:44:47.449    Number of processors: 2 586 0x170A

    08:44:47.449    ComputerName: ROSS-PC  UserName: Ross

    08:44:50.236    Initialize success

    08:49:51.850    AVAST engine defs: 11071801

    08:51:14.839    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    08:51:14.842    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3

    08:51:14.866    Disk 0 MBR read successfully

    08:51:14.869    Disk 0 MBR scan

    08:51:14.876    Disk 0 unknown MBR code

    08:51:14.880    Service scanning

    08:51:16.568    Disk 0 trace - called modules:

    08:51:16.610    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

    08:51:16.614    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006096790]

    08:51:16.618    3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045c7050]

    08:51:17.481    AVAST engine scan C:\Windows

    08:51:22.114    AVAST engine scan C:\Windows\system32

    08:54:22.733    AVAST engine scan C:\Windows\system32\drivers

    08:54:39.090    AVAST engine scan C:\Users\Ross

    08:56:17.191    Disk 0 MBR has been saved successfully to "C:\Users\Ross\Desktop\MBR.dat"

    08:56:17.207    The log file has been saved successfully to "C:\Users\Ross\Desktop\aswMBR.txt"

    20 Posts

    July 19th, 2011 04:00

    Is this what you needed?

    Antivirus Version Last Update Result

    AhnLab-V3 2011.07.19.02 2011.07.19 -

    AntiVir 7.11.11.208 2011.07.19 -

    Antiy-AVL 2.0.3.7 2011.07.15 -

    Avast 4.8.1351.0 2011.07.19 -

    Avast5 5.0.677.0 2011.07.19 -

    AVG 10.0.0.1190 2011.07.19 -

    BitDefender 7.2 2011.07.19 -

    CAT-QuickHeal 11.00 2011.07.19 -

    ClamAV 0.97.0.0 2011.07.19 -

    Commtouch 5.3.2.6 2011.07.19 -

    Comodo 9429 2011.07.19 -

    DrWeb 5.0.2.03300 2011.07.19 -

    Emsisoft 5.1.0.8 2011.07.19 -

    eSafe 7.0.17.0 2011.07.18 -

    eTrust-Vet 36.1.8450 2011.07.18 -

    F-Prot 4.6.2.117 2011.07.18 -

    F-Secure 9.0.16440.0 2011.07.19 -

    Fortinet 4.2.257.0 2011.07.19 -

    GData 22 2011.07.19 -

    Ikarus T3.1.1.104.0 2011.07.19 -

    Jiangmin 13.0.900 2011.07.18 -

    K7AntiVirus 9.108.4919 2011.07.18 -

    Kaspersky 9.0.0.837 2011.07.19 -

    McAfee 5.400.0.1158 2011.07.19 -

    McAfee-GW-Edition 2010.1D 2011.07.19 -

    Microsoft 1.7000 2011.07.19 -

    NOD32 6306 2011.07.19 -

    Norman 6.07.10 2011.07.18 -

    nProtect 2011-07-19.01 2011.07.19 -

    Panda 10.0.3.5 2011.07.18 -

    PCTools 8.0.0.5 2011.07.13 -

    Prevx 3.0 2011.07.19 -

    Rising 23.67.01.05 2011.07.19 -

    Sophos 4.67.0 2011.07.19 -

    SUPERAntiSpyware 4.40.0.1006 2011.07.19 -

    Symantec 20111.1.0.186 2011.07.19 -

    TheHacker 6.7.0.1.257 2011.07.18 -

    TrendMicro 9.200.0.1012 2011.07.19 -

    TrendMicro-HouseCall 9.200.0.1012 2011.07.19 -

    VBA32 3.12.16.4 2011.07.19 -

    VIPRE 9901 2011.07.19 -

    ViRobot 2011.7.19.4577 2011.07.19 -

    VirusBuster 14.0.129.0 2011.07.18 -

    Additional information

    MD5   : ab3f08b6fb75a4105063923d10231325

    SHA1  : 7b26425621b27a77d419a0d511bb7671f8719efa

    SHA256: a9943bc8b97014ac2512e0f08e94a2429d80fcc807433ecd44b7bc7433acc74e

    ssdeep: 12:ch10l6lc1EBKMwTBlBRWyStYcWLT8+lvlhs:ch10lOExMwTBdFjvJlvs

    File size : 512 bytes

    First seen: 2011-07-19 10:34:19

    Last seen : 2011-07-19 10:34:19

    TrID:

    Unknown!

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    1.1K Posts

    July 19th, 2011 04:00

    1.1K Posts

    July 19th, 2011 15:00

    This is proving very difficult to find. OK, let's try a different scan:

     

    Download TDSSFix and save directly to your Desktop. <----Important

    • Double click user posted image to run the tool.
    • Select "I accept the agreement"

      user posted image

    • Select "Proceed"

      user posted image

    • You will be warned that your system is about to restart; save any open work and close all applications, then select "OK"

    user posted image

    Your system will re-boot and the scan will commence; allow it to complete.


    user posted image


    You will see the following if nothing is found:


    user posted image


    If an infection is found, follow the prompts and let me know how you get on.

    Kevin

    20 Posts

    July 19th, 2011 20:00

    After running the scan a box came up saying nothing had been found. I have just rechecked Windows Update and it seems to be allowing me to update; should I update or leave it? However, all other problems remain the same.

    Ross.

    1.1K Posts

    July 20th, 2011 02:00

    Yes, allow the updates from Windows. Does the issue you mention with Chrome happen with any other browser? If not, re-install Chrome and see how it responds.

     

    Kevin

    20 Posts

    July 20th, 2011 03:00

    I get the same problems in IE. I reinstalled Chrome and the same problems returned.

    Ross

    1.1K Posts

    July 20th, 2011 14:00

    Run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....

      user posted image

    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Tell me if Secunia recommended any updates.

    Kevin