Multiple Infections limiting internet access



#16
AZCMer

    Member

  • Topic Starter
TDSSKiller log:

2011/07/09 13:46:58.0461 3764 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/09 13:46:59.0329 3764 ================================================================================
2011/07/09 13:46:59.0329 3764 SystemInfo:
2011/07/09 13:46:59.0329 3764
2011/07/09 13:46:59.0330 3764 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/09 13:46:59.0330 3764 Product type: Workstation
2011/07/09 13:46:59.0330 3764 ComputerName: FAMILYCOMPUTER
2011/07/09 13:46:59.0330 3764 UserName: The Reeve Family
2011/07/09 13:46:59.0331 3764 Windows directory: C:\Windows
2011/07/09 13:46:59.0331 3764 System windows directory: C:\Windows
2011/07/09 13:46:59.0331 3764 Running under WOW64
2011/07/09 13:46:59.0331 3764 Processor architecture: Intel x64
2011/07/09 13:46:59.0331 3764 Number of processors: 4
2011/07/09 13:46:59.0331 3764 Page size: 0x1000
2011/07/09 13:46:59.0331 3764 Boot type: Normal boot
2011/07/09 13:46:59.0331 3764 ================================================================================
2011/07/09 13:47:00.0371 3764 Initialize success
2011/07/09 13:47:26.0075 6104 ================================================================================
2011/07/09 13:47:26.0075 6104 Scan started
2011/07/09 13:47:26.0075 6104 Mode: Manual;
2011/07/09 13:47:26.0075 6104 ================================================================================
2011/07/09 13:47:41.0718 6104 ================================================================================
2011/07/09 13:47:41.0718 6104 Scan finished
2011/07/09 13:47:41.0718 6104 ================================================================================
2011/07/09 13:47:41.0731 5076 Detected object count: 0
2011/07/09 13:47:41.0732 5076 Actual detected object count: 0


#17
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hmmm... I think something may be lurking still...


Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\Combofix.txt in your next reply.

#18
AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
When ComboFix finished it produced a log. I then tried opening FireFox and got the error:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Illegal operation attempted on a registry key that has been marked for deletion.


This also happened for IE. I then rebooted and had no mouse, but I got my browsers back. Firefox was not my default browser. I rebooted again and got my mouse back. Yea!

Here's the log:


ComboFix 11-07-05.03 - The Reeve Family 07/09/2011 22:46:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4084 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\The Reeve Family\AppData\Roaming\.#
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\chrome.manifest
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\chrome\xulcache.jar
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\defaults\preferences\xulcache.js
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\install.rdf
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\chrome.manifest
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\chrome\xulcache.jar
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\defaults\preferences\xulcache.js
c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}\install.rdf
c:\users\The Reeve Family\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\FAST2002.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 06:02 . 2011-07-10 06:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 03:37 . 2011-07-10 03:38 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{2F4725B1-CD02-43BB-94A1-6A43FA5685B4}
2011-07-10 03:37 . 2011-07-10 03:37 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{39A35FF1-12DF-4C1A-B3C5-461CAC397838}
2011-07-09 15:37 . 2011-07-09 15:37 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{D78AA17E-C1AE-4A03-A1E0-EFE804A80412}
2011-07-08 20:43 . 2011-07-08 20:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-08 20:11 . 2011-07-08 20:11 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{C37D2A75-0ACA-4BA4-B813-852E172DE875}
2011-07-08 20:10 . 2011-07-08 20:11 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{2C411667-EE6F-41DD-A08D-A59E2D7F885B}
2011-07-08 07:04 . 2011-07-08 07:04 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{1BA57C1F-805C-4C0A-AA48-3C062D1EED45}
2011-07-08 07:04 . 2011-07-08 07:04 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{68A82311-8337-4565-82BB-EF91BDF1AD0D}
2011-07-08 00:44 . 2011-07-08 00:48 -------- d-----w- c:\programdata\PhotoStitch
2011-07-07 23:57 . 2011-07-08 01:50 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\ZoomBrowser EX
2011-07-07 19:03 . 2011-07-07 19:03 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{E85CC538-A8B5-4622-930F-F10FCAF03B93}
2011-07-06 21:02 . 2011-07-06 21:02 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{9EFAC25E-B872-4E4D-9E2A-71FC08A14B00}
2011-07-06 04:48 . 2011-07-06 04:48 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{02D52A9B-68E2-4381-9FCF-51113F4A5747}
2011-07-05 16:48 . 2011-07-05 16:48 -------- d-----w- c:\users\The Reeve Family\AppData\Local\{152FDEF7-6DF2-42A0-88F9-E16E54781D77}
2011-06-22 20:49 . 2011-06-22 20:49 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 20:49 . 2011-06-22 20:49 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-21 20:57 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-21 20:57 . 2011-06-21 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-21 06:37 . 2011-06-21 06:37 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\Canon
2011-06-21 06:30 . 2011-06-21 06:30 -------- d-----w- c:\users\The Reeve Family\AppData\Local\CANON_INC
2011-06-21 04:21 . 2011-07-08 00:05 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-21 04:20 . 2011-06-21 04:22 -------- d-----w- c:\program files (x86)\Canon
2011-06-21 04:19 . 2011-06-21 04:19 -------- d-----w- c:\program files (x86)\Common Files\Canon
2011-06-16 05:31 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 05:31 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 05:31 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 05:31 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 05:31 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 05:31 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 05:31 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 05:31 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 05:31 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 05:31 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 05:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 05:31 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 05:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-10 16:39 . 2011-06-10 16:40 -------- d-----w- c:\program files\iTunes
2011-06-10 16:39 . 2011-06-10 16:40 -------- d-----w- c:\program files (x86)\iTunes
2011-06-10 16:39 . 2011-06-10 16:39 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-31 18:57 . 2011-05-31 18:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-31 18:57 . 2011-05-31 18:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-31 18:57 . 2011-05-31 18:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-31 18:57 . 2011-05-31 18:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-31 18:57 . 2011-05-31 18:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-31 18:57 . 2011-05-31 18:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-31 18:57 . 2011-05-31 18:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-31 18:57 . 2011-05-31 18:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-31 18:57 . 2011-05-31 18:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-31 18:57 . 2011-05-31 18:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-31 18:57 . 2011-05-31 18:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-31 18:57 . 2011-05-31 18:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-31 18:57 . 2011-05-31 18:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-31 18:57 . 2011-05-31 18:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-31 18:57 . 2011-05-31 18:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-31 18:57 . 2011-05-31 18:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-31 18:57 . 2011-05-31 18:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-31 18:57 . 2011-05-31 18:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-31 18:57 . 2011-05-31 18:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-31 18:57 . 2011-05-31 18:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-31 18:57 . 2011-05-31 18:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-31 18:57 . 2011-05-31 18:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-31 18:57 . 2011-05-31 18:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-31 18:57 . 2011-05-31 18:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-31 18:57 . 2011-05-31 18:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-31 18:57 . 2011-05-31 18:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-31 18:57 . 2011-05-31 18:57 448512 ----a-w- c:\windows\system32\html.iec
2011-05-31 18:57 . 2011-05-31 18:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-31 18:57 . 2011-05-31 18:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-31 18:57 . 2011-05-31 18:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-31 18:57 . 2011-05-31 18:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-31 18:57 . 2011-05-31 18:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-31 18:57 . 2011-05-31 18:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-31 18:57 . 2011-05-31 18:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-31 18:57 . 2011-05-31 18:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-31 18:57 . 2011-05-31 18:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-31 18:57 . 2011-05-31 18:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-31 18:57 . 2011-05-31 18:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-29 16:11 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-22 22:15 . 2011-05-24 18:20 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-14 21:01 . 2011-01-22 21:09 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01 . 2011-01-22 21:08 149032 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 21:01 . 2011-01-22 21:08 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01 . 2011-01-22 21:08 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 21:01 . 2011-01-22 21:08 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01 . 2011-01-22 21:08 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01 . 2011-01-22 21:08 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01 . 2011-01-22 21:08 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 21:01 . 2011-01-22 21:08 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 21:01 . 2011-01-22 21:08 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2063144"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-05-27 4407152]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: mcafee.com
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-sp44401 - c:\hp\Softpaq\sp44401\sp44401.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2011-07-09 23:27:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-10 06:26
.
Pre-Run: 159,514,013,696 bytes free
Post-Run: 159,432,474,624 bytes free
.
- - End Of File - - F16FE546B5336DFDBD725C37DBAC821F

#19
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Click the Start button then Computer. Press the ALT key. A menu will drop down, click the Tools button, Folder Options, the View tab, now click show hidden folders files and UN-Check hide protected operating system files. Then click OK.

Now visit HERE, click Browse and browse to this location and select this file:

c:\windows\system32\mmcico32.exe

Then submit the file and let it scan it, then give me the report.

#20
AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
I unhid the files and went to the webpage noted and tried browsing to the file listed, but it is not there. There is one with a .dll extension, but not one with a .exe extension.

Edit: Or rather the closest file name I can find is mmcico.dll in that folder.

What to do next?

Edited by AZCMer, 10 July 2011 - 05:52 PM.


#21
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
I really want to check the file out before I nuke it.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\system32\mmcico32.exe | c:\mmcico32.exe

FileLook::
c:\windows\system32\mmcico32.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


This will copy the file to c:\. Repeat the upload instructions, but this time navigate to c: and upload mmcico32.exe from there.

I'm double checking before I nuke it, it's looking malicious right now.
  • 0

#22
AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
The file you are looking for is not coming up. Is it elusive and hiding from us? Or do you think it already got eradicated? Can these files be that smart - to hide to keep themselves smart?

I have double checked to make sure that hidden files are showing and I have even done a search on this file and it comes up file not found. So, I haven't been able to submit it to be scanned. Sorry. :-(

Here is the combofix log:


ComboFix 11-07-10.05 - The Reeve Family 07/10/2011 18:34:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4413 [GMT -7:00]
Running from: c:\users\The Reeve Family\Desktop\ComboFix.exe
Command switches used :: c:\users\The Reeve Family\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 01:50 . 2011-07-11 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-08 20:43 . 2011-07-08 20:43 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-08 00:44 . 2011-07-08 00:48 -------- d-----w- c:\programdata\PhotoStitch
2011-07-07 23:57 . 2011-07-08 01:50 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\ZoomBrowser EX
2011-06-22 20:49 . 2011-06-22 20:49 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 20:49 . 2011-06-22 20:49 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-21 20:57 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-21 20:57 . 2011-06-21 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-21 06:37 . 2011-06-21 06:37 -------- d-----w- c:\users\The Reeve Family\AppData\Roaming\Canon
2011-06-21 06:30 . 2011-06-21 06:30 -------- d-----w- c:\users\The Reeve Family\AppData\Local\CANON_INC
2011-06-21 04:21 . 2011-07-08 00:05 -------- d-----w- c:\programdata\ZoomBrowser
2011-06-21 04:20 . 2011-06-21 04:22 -------- d-----w- c:\program files (x86)\Canon
2011-06-21 04:19 . 2011-06-21 04:19 -------- d-----w- c:\program files (x86)\Common Files\Canon
2011-06-16 05:31 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 05:31 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 05:31 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 05:31 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 05:31 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 05:31 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-16 05:31 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 05:31 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 05:31 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 05:31 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 05:31 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 05:31 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 05:31 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 00:42 . 2011-06-06 05:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-31 18:57 . 2011-05-31 18:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-31 18:57 . 2011-05-31 18:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-31 18:57 . 2011-05-31 18:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-31 18:57 . 2011-05-31 18:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-31 18:57 . 2011-05-31 18:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-31 18:57 . 2011-05-31 18:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-31 18:57 . 2011-05-31 18:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-31 18:57 . 2011-05-31 18:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-31 18:57 . 2011-05-31 18:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-31 18:57 . 2011-05-31 18:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-31 18:57 . 2011-05-31 18:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-31 18:57 . 2011-05-31 18:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-31 18:57 . 2011-05-31 18:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-31 18:57 . 2011-05-31 18:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-31 18:57 . 2011-05-31 18:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-31 18:57 . 2011-05-31 18:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-31 18:57 . 2011-05-31 18:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-31 18:57 . 2011-05-31 18:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-31 18:57 . 2011-05-31 18:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-31 18:57 . 2011-05-31 18:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-31 18:57 . 2011-05-31 18:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-31 18:57 . 2011-05-31 18:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-31 18:57 . 2011-05-31 18:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-31 18:57 . 2011-05-31 18:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-31 18:57 . 2011-05-31 18:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-31 18:57 . 2011-05-31 18:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-31 18:57 . 2011-05-31 18:57 448512 ----a-w- c:\windows\system32\html.iec
2011-05-31 18:57 . 2011-05-31 18:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-31 18:57 . 2011-05-31 18:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-31 18:57 . 2011-05-31 18:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-31 18:57 . 2011-05-31 18:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-31 18:57 . 2011-05-31 18:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-31 18:57 . 2011-05-31 18:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-31 18:57 . 2011-05-31 18:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-31 18:57 . 2011-05-31 18:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-31 18:57 . 2011-05-31 18:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-31 18:57 . 2011-05-31 18:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-31 18:57 . 2011-05-31 18:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-29 16:11 . 2010-05-01 06:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 11:02 . 2009-12-01 22:28 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-28 11:02 . 2010-05-18 23:03 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-28 11:02 . 2010-06-02 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-28 11:02 . 2009-12-05 23:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-27 02:45 . 2010-01-29 23:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-27 02:45 . 2009-12-01 22:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-27 02:45 . 2010-05-18 23:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-26 19:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-26 19:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-22 22:15 . 2011-05-24 18:20 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-14 21:01 . 2011-01-22 21:09 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01 . 2011-01-22 21:08 149032 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 21:01 . 2011-01-22 21:08 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01 . 2011-01-22 21:08 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 21:01 . 2011-01-22 21:08 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01 . 2011-01-22 21:08 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01 . 2011-01-22 21:08 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01 . 2011-01-22 21:08 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 21:01 . 2011-01-22 21:08 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 21:01 . 2011-01-22 21:08 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((( [email protected]_06.05.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 19:32 . 2011-07-11 01:54 92118 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-10 06:05 39388 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-11 01:54 39388 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-26 03:08 . 2011-07-11 01:54 28206 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1088720637-78751619-3950019920-1000_UserData.bin
- 2010-07-04 14:17 . 2011-07-09 20:32 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
+ 2010-07-04 14:17 . 2011-07-11 01:52 16966 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat
- 2009-11-26 03:00 . 2011-07-10 06:04 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 03:00 . 2011-07-11 01:28 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-24 19:16 . 2011-07-11 01:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-07-24 19:16 . 2011-07-10 06:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-11 01:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-10 06:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-11 01:52 . 2011-07-11 01:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-10 06:03 . 2011-07-10 06:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-11 01:52 . 2011-07-11 01:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-10 06:03 . 2011-07-10 06:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-07-10 06:02 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-11 01:51 329124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-11-26 17:37 . 2011-07-10 06:02 12221800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
+ 2009-11-26 17:37 . 2011-07-11 01:51 12221800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1088720637-78751619-3950019920-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"L07AXLRD_2063144"="c:\program files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" [2006-06-10 351000]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe" [2011-06-06 240288]
.
c:\users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-05-27 4407152]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\HPCeeScheduleForThe Reeve Family.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\The Reeve Family\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: grillflame.net\www
Trusted Zone: mcafee.com
TCP: Interfaces\{F1A0FBCA-0112-4F48-9677-74A15FF817D4}: NameServer = 68.105.28.12,68.105.29.12
FF - ProfilePath - c:\users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57131
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1088720637-78751619-3950019920-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,97,33,34,fa,95,8a,2e,6b,af,e5,75,48,48,78,1c,4d,e8,f2,a0,88,
b0,21,82,04,0f,e2,47,3a,a2,ee,ad,7e,78,33,ec,67,b4,ce,f9,fa,9e,2a,77,3c,f0,\
"rkeysecu"=hex:60,fa,bb,39,2f,f0,f2,8d,87,2d,b0,36,24,c9,bc,ac
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2011-07-10 19:16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-11 02:16
ComboFix2.txt 2011-07-11 01:20
.
Pre-Run: 159,469,735,936 bytes free
Post-Run: 159,407,050,752 bytes free
.
- - End Of File - - FCA91EAA61B184FC304FE62DC934518F
  • 0
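
Added example, not part of the original posts and not ComboFix's own code: a small Python triage over the service/driver lines of the log above. It pulls out the entries that carry `[x]` instead of a date and size (as the `AppIDSvc32` entry for `mmcico32.exe` does) and checks whether the same path appears in the log's file listings. The function names are hypothetical; the sample lines are copied from the log in this post.

```python
import re

# Lines copied verbatim from the ComboFix log in the post above.
SAMPLE_LOG = r"""
2011-04-14 21:01 . 2011-01-22 21:08 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01 . 2011-01-22 21:08 149032 ----a-w- c:\windows\system32\mfevtps.exe
R2 AppIDSvc32;Application Identity ;c:\windows\system32\mmcico32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [x]
"""

# File-listing line: "<created> . <modified> <size> <attrs> <path>"
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(?P<size>\d+)\s+[-a-z]{8}\s+(?P<path>.+?)[ \t]*$",
    re.M,
)

# Service/driver line: "<prefix> <name>;<display name>;<path> [<date size> | x]"
SERVICE_LINE = re.compile(
    r"^(?P<prefix>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<marker>x|\d{4}-\d{2}-\d{2} \d+)\][ \t]*$",
    re.M,
)


def normalize(path):
    """Lower-case a Windows path and collapse doubled backslashes."""
    return re.sub(r"\\+", r"\\", path.strip().lower())


def parse_services(log):
    """Return every service/driver entry in log order."""
    return [
        {
            "prefix": m.group("prefix"),
            "name": m.group("name").strip(),
            "display": m.group("display").strip(),
            "path": normalize(m.group("path")),
            "has_metadata": m.group("marker") != "x",
        }
        for m in SERVICE_LINE.finditer(log)
    ]


def listed_files(log):
    """Paths that appear with a size in the log's file listings."""
    return {normalize(m.group("path")) for m in FILE_LINE.finditer(log)}


def triage(log):
    """Split the [x] entries by whether the log lists the file elsewhere."""
    files = listed_files(log)
    result = {"unverified": [], "listed_elsewhere": []}
    for svc in parse_services(log):
        if svc["has_metadata"]:
            continue
        bucket = "listed_elsewhere" if svc["path"] in files else "unverified"
        result[bucket].append(svc)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket, entries in report.items():
        print(bucket)
        for svc in entries:
            print(f"  {svc['prefix']} {svc['name']} ({svc['display']}) -> {svc['path']}")
```

The file listings only cover recently created or modified files, so an entry left in `unverified` is a candidate for a manual check of the path, not a verdict; `listed_elsewhere` shows that `[x]` alone does not prove the file is absent.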

#23
AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
Just had something happen . . .

I had 9 tabs open in Firefox researching Ric Clay when Firefox started acting wonky.

  • timing out while searching rik clay and zeitgeist movie
  • flash across screen and firefox seems to close, but reopens when site is reached
  • flashing, pixelated screen and the monitor turns blue. (new monitor, btw)

I then did a hard shut down, unplugged the tower and pressed the power button for 30 seconds to release any static, and turned the computer back on.

I then logged in and got the diagnostic "Preparing your desktop" which I've never seen before.

My screen was completely different and I got a popup which said:

You have been logged on with a temporary profile. You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging on later. Please see event log for details or contact your system administrator.


This was the error I got just before I shut the system down:

Data error on device.

Device: \Device\RaidPort0
Model: WDC WD6400AAKS-65A7B2
Firmware Version: 01.0
Serial Number: WD-WCASY7517807
Port: 0


And the two I got after logging on are:

Session "" failed to start with the following error: 0xC000000D
Session "Homegroup Log" failed to start with the following error: 0xC0000035


I've never had this happen before and am not sure about rebooting.

I don't know if I'm doing this right, but here is the event log from this evening:


Error 7/10/2011 10:04:44 PM Kernel-EventTracing 2 Session
Error 7/10/2011 10:04:44 PM Kernel-EventTracing 2 Session
Error 7/10/2011 10:03:16 PM User Profile Service 1511 None
Error 7/10/2011 10:03:16 PM User Profile Service 1515 None
Error 7/10/2011 10:03:16 PM User Profile Service 1502 None
Error 7/10/2011 10:03:16 PM User Profile Service 1508 None
Error 7/10/2011 10:03:08 PM PrintService 315 Sharing a printer
Error 7/10/2011 10:03:03 PM Eventlog 1101 Event processing
Critical 7/10/2011 10:02:56 PM Kernel-Power 41 (63)
Error 7/10/2011 10:03:02 PM EventLog 6008 None
Error 7/10/2011 9:45:41 PM nvstor64 3 None
Error 7/10/2011 9:45:41 PM nvstor64 3 None
Error 7/10/2011 9:45:41 PM nvstor64 3 None
Warning 7/10/2011 9:45:20 PM nvstor64 129 None
Error 7/10/2011 9:44:47 PM nvstor64 3 None
Warning 7/10/2011 9:44:47 PM nvstor64 129 None
Error 7/10/2011 9:38:05 PM nvstor64 3 None
Error 7/10/2011 9:37:49 PM nvstor64 3 None
Error 7/10/2011 9:37:49 PM nvstor64 3 None
Error 7/10/2011 9:37:49 PM nvstor64 3 None
Error 7/10/2011 9:37:49 PM nvstor64 3 None
Error 7/10/2011 9:37:49 PM nvstor64 3 None
Error 7/10/2011 9:37:48 PM nvstor64 3 None
Error 7/10/2011 9:37:48 PM nvstor64 3 None
Error 7/10/2011 9:37:48 PM nvstor64 3 None
Error 7/10/2011 9:37:48 PM nvstor64 3 None
Error 7/10/2011 9:37:48 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:47 PM nvstor64 3 None
Error 7/10/2011 9:37:46 PM nvstor64 3 None
Error 7/10/2011 9:37:46 PM nvstor64 3 None
Error 7/10/2011 9:37:46 PM nvstor64 3 None
Error 7/10/2011 9:37:46 PM nvstor64 3 None
Error 7/10/2011 9:37:46 PM nvstor64 3 None
Error 7/10/2011 9:37:45 PM nvstor64 3 None
Error 7/10/2011 9:37:45 PM nvstor64 3 None
Error 7/10/2011 9:37:45 PM nvstor64 3 None
Error 7/10/2011 9:37:45 PM nvstor64 3 None
Error 7/10/2011 9:37:45 PM nvstor64 3 None
Error 7/10/2011 9:37:44 PM nvstor64 3 None
Error 7/10/2011 9:37:44 PM nvstor64 3 None
Error 7/10/2011 9:37:44 PM nvstor64 3 None
Error 7/10/2011 9:37:44 PM nvstor64 3 None
Error 7/10/2011 9:37:44 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:43 PM nvstor64 3 None
Error 7/10/2011 9:37:42 PM nvstor64 3 None
Error 7/10/2011 9:37:42 PM nvstor64 3 None
Error 7/10/2011 9:37:42 PM nvstor64 3 None
Error 7/10/2011 9:37:42 PM nvstor64 3 None
Error 7/10/2011 9:37:42 PM nvstor64 3 None
Error 7/10/2011 9:37:41 PM nvstor64 3 None
Error 7/10/2011 9:37:41 PM nvstor64 3 None
Error 7/10/2011 9:37:41 PM nvstor64 3 None
Error 7/10/2011 9:37:41 PM nvstor64 3 None
Error 7/10/2011 9:37:40 PM nvstor64 3 None
Error 7/10/2011 9:37:40 PM nvstor64 3 None
Error 7/10/2011 9:37:40 PM nvstor64 3 None
Error 7/10/2011 9:37:40 PM nvstor64 3 None
Error 7/10/2011 9:37:40 PM nvstor64 3 None
Error 7/10/2011 9:37:39 PM nvstor64 3 None
Error 7/10/2011 9:37:39 PM nvstor64 3 None
Error 7/10/2011 9:37:39 PM nvstor64 3 None
Error 7/10/2011 9:37:39 PM nvstor64 3 None
Error 7/10/2011 9:37:39 PM nvstor64 3 None
Error 7/10/2011 9:37:38 PM nvstor64 3 None
Error 7/10/2011 9:37:38 PM nvstor64 3 None
Error 7/10/2011 9:37:38 PM nvstor64 3 None
Error 7/10/2011 9:37:38 PM nvstor64 3 None
Error 7/10/2011 9:37:38 PM nvstor64 3 None
Error 7/10/2011 9:37:37 PM nvstor64 3 None
Error 7/10/2011 9:37:37 PM nvstor64 3 None
Error 7/10/2011 9:37:37 PM nvstor64 3 None
Error 7/10/2011 9:37:37 PM nvstor64 3 None
Error 7/10/2011 9:37:37 PM nvstor64 3 None
Error 7/10/2011 9:37:36 PM nvstor64 3 None
Error 7/10/2011 9:37:36 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:35 PM nvstor64 3 None
Error 7/10/2011 9:37:34 PM nvstor64 3 None
Error 7/10/2011 9:37:34 PM nvstor64 3 None
Error 7/10/2011 9:37:34 PM nvstor64 3 None
Error 7/10/2011 9:37:34 PM nvstor64 3 None
Error 7/10/2011 9:37:34 PM nvstor64 3 None
Error 7/10/2011 9:37:34 PM nvstor64 3 None
Error 7/10/2011 9:37:33 PM nvstor64 3 None
Error 7/10/2011 9:37:33 PM nvstor64 3 None
Error 7/10/2011 9:37:33 PM nvstor64 3 None
Error 7/10/2011 9:37:33 PM nvstor64 3 None
Error 7/10/2011 9:37:33 PM nvstor64 3 None
Error 7/10/2011 9:37:33 PM nvstor64 3 None
Error 7/10/2011 9:37:32 PM nvstor64 3 None
Error 7/10/2011 9:37:32 PM nvstor64 3 None
Error 7/10/2011 9:37:32 PM nvstor64 3 None
Error 7/10/2011 9:37:32 PM nvstor64 3 None
Error 7/10/2011 9:37:32 PM nvstor64 3 None
Error 7/10/2011 9:37:09 PM nvstor64 3 None
Error 7/10/2011 9:37:06 PM nvstor64 3 None
Error 7/10/2011 9:37:06 PM nvstor64 3 None
Error 7/10/2011 9:37:06 PM nvstor64 3 None
Error 7/10/2011 9:37:06 PM nvstor64 3 None
Error 7/10/2011 9:37:05 PM nvstor64 3 None
Error 7/10/2011 9:37:05 PM nvstor64 3 None
Error 7/10/2011 9:37:05 PM nvstor64 3 None
Error 7/10/2011 9:37:05 PM nvstor64 3 None
Error 7/10/2011 9:37:05 PM nvstor64 3 None
Error 7/10/2011 9:37:03 PM nvstor64 3 None
Error 7/10/2011 9:37:03 PM nvstor64 3 None
Error 7/10/2011 9:37:03 PM nvstor64 3 None
Error 7/10/2011 9:37:03 PM nvstor64 3 None
Error 7/10/2011 9:37:03 PM nvstor64 3 None
Error 7/10/2011 9:36:29 PM nvstor64 3 None
Error 7/10/2011 9:36:29 PM nvstor64 3 None
Error 7/10/2011 9:36:29 PM nvstor64 3 None
Error 7/10/2011 9:36:29 PM nvstor64 3 None
Error 7/10/2011 9:36:29 PM nvstor64 3 None
Error 7/10/2011 9:36:29 PM nvstor64 3 None
Error 7/10/2011 9:36:13 PM nvstor64 3 None
Error 7/10/2011 9:36:13 PM nvstor64 3 None
Error 7/10/2011 9:36:13 PM nvstor64 3 None
Error 7/10/2011 9:36:13 PM nvstor64 3 None
Error 7/10/2011 9:36:13 PM nvstor64 3 None
Error 7/10/2011 9:36:13 PM nvstor64 3 None
Error 7/10/2011 9:36:05 PM nvstor64 3 None
Error 7/10/2011 9:36:05 PM nvstor64 3 None
Error 7/10/2011 9:36:05 PM nvstor64 3 None
Error 7/10/2011 9:36:05 PM nvstor64 3 None
Error 7/10/2011 9:36:05 PM nvstor64 3 None
Error 7/10/2011 9:36:02 PM nvstor64 3 None
Error 7/10/2011 9:36:02 PM nvstor64 3 None
Error 7/10/2011 9:36:02 PM nvstor64 3 None
Error 7/10/2011 9:36:02 PM nvstor64 3 None
Error 7/10/2011 9:35:58 PM nvstor64 3 None
Error 7/10/2011 9:35:58 PM nvstor64 3 None
Error 7/10/2011 9:35:58 PM nvstor64 3 None
Error 7/10/2011 9:35:58 PM nvstor64 3 None
Error 7/10/2011 9:35:47 PM nvstor64 3 None
Error 7/10/2011 9:35:47 PM nvstor64 3 None
Error 7/10/2011 9:35:47 PM nvstor64 3 None
Error 7/10/2011 9:35:47 PM nvstor64 3 None
Error 7/10/2011 9:35:47 PM nvstor64 3 None
Error 7/10/2011 9:35:10 PM nvstor64 3 None
Error 7/10/2011 9:35:10 PM nvstor64 3 None
Error 7/10/2011 9:35:10 PM nvstor64 3 None
Error 7/10/2011 9:35:10 PM nvstor64 3 None
Error 7/10/2011 9:35:10 PM nvstor64 3 None
Error 7/10/2011 9:34:58 PM nvstor64 3 None
Error 7/10/2011 9:34:58 PM nvstor64 3 None
Error 7/10/2011 9:34:58 PM nvstor64 3 None
Error 7/10/2011 9:34:58 PM nvstor64 3 None
Error 7/10/2011 9:34:58 PM nvstor64 3 None
Error 7/10/2011 9:34:56 PM Service Control Manager 7031 None
Warning 7/10/2011 9:34:56 PM nvstor64 129 None
Error 7/10/2011 9:34:56 PM McLogEvent 5051 None
Warning 7/10/2011 9:34:56 PM ESENT 508 Performance
Warning 7/10/2011 9:34:56 PM ESENT 508 Performance
Warning 7/10/2011 9:34:56 PM ESENT 508 Performance
Warning 7/10/2011 9:33:56 PM nvstor64 129 None
Error 7/10/2011 9:31:08 PM nvstor64 3 None
Error 7/10/2011 9:31:07 PM nvstor64 3 None
  • 0

#24
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Just rebooted and ended up in the same situation. Unable to access any of my documents (although my daughter can through the homegroup).

Edit: never mind. . . daughter cannot access the homegroup any more. I cannot see any files, pictures, or documents. Everything is gone, gone, gone. Having a hard time not taking this very badly.

Data is still there, but the computer cannot find it. I could laugh if I didn't feel like crying.

Edited by AZCMer, 11 July 2011 - 12:02 AM.

  • 0

#25
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step 1:

Calm down please... Don't panic. Let's just figure this out, ok?

Step 2:

So your computer does boot, correct? But just into a different (temp) profile?

Are you able to start into Safe Mode? Do you have the installation disk?
  • 0

#26
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Thanks for your encouragement. I stopped panicking after I watched an episode of Monk. lol.

I do not have the installation disk for this computer. I did make some recovery disks just after I bought it. I also made a bootable diagnostic media disk.

I cannot boot this computer into safe mode using F8. I was wondering if a setting on my monitor because every time there is no activity on my computer, my monitor goes to sleep.

Edit: I tried booting my computer with the bootable diagnostic disc and it doesn't work. It also doesn't work on my daughter's computer. :-( I'm going to try using the recovery discs and see how that works.

I read about using msconfig and am wondering how I would go about doing that or if that is even an option.

Edited by AZCMer, 11 July 2011 - 12:49 PM.

  • 0

#27
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Whoa wait wait, hold on before you do anything drastic. Let me research this a bit more ok?

Also answer these please:

So your computer does boot, correct? But just into a different (temp) profile?
  • 0

#28
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
It does boot correctly only into a temporary profile.

My bootable diagnostic discs don't work.

My recovery discs do seem like they ought to work as they have stuff on them.

I cannot boot into safe mode. I haven't tried booting into safe mode using msconfig because of what it said about the boot sequence and malware.

I await your expertise.
  • 0

#29
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
I'm going to ask some of the other staff, and decide on the best course of action to take here before I proceed.
  • 0

#30
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Ok. Thanks for all you are doing.
  • 0





