Win 7 Antivirus 2012

Kleene

New Member
I posted on a forum at the annoyances.org site and this is my post:

"This is the third day that I have woken up and surfed the internet and McAfee popped up and said "trojan removed, no actions required". The Win 7 Antivirus 2012 kept popping up and at first I hadn't heard anything about it and I couldn't surf the internet so I ran Spybot Search and Destroy, which seemed to work. The next day I turned it on the same thing happened, and the third day. I can only surf the internet or use the computer if I run Spybot Search and Destroy or this virus totally blocks my computer. I really don't know anything about computers. I tried calling McAfee and they will charge $129 just to get rid of it. Can somebody please help and guide me step by step on how to remove the virus? Every time I read a website on how to get rid of it, it seems so overwhelming, I don't know where to start. I tried searching on this forum about the topic but it won't let me, something is blocking my search. Thanks. I have Windows Vista by the way."

johnb35, these are my logs from Malwarebytes and HijackThis. Thanks for helping.

This is my log from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8384

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/17/2011 1:53:02 AM
mbam-log-2011-12-17 (01-52-51).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 299793
Time elapsed: 38 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Scuffy\AppData\Local\jjb.exe (Trojan.ExeShell.Gen)
c:\Users\Scuffy\AppData\Local\prt.exe (Rootkit.0Access)
c:\Users\Scuffy\AppData\Local\Temp\lknwszxkdr (Trojan.FakeMS)
c:\Users\Scuffy\AppData\Local\Temp\xeq.dll (Trojan.FakeMS)
c:\Users\Scuffy\documents\1B4U8n2o.exe (Rootkit.0Access)
c:\Users\Scuffy\documents\2rCC2.exe (Rootkit.0Access)
c:\Users\Scuffy\documents\q46qis6.exe (Trojan.FakeMS)

I clicked "fix" or something. I was not sure if I just needed to save the log or fix as well, :/ but I clicked "fix" anyway.




This is my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:15:13 AM, on 12/17/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=cgps12022011
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111202223456.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Pest Patrol Realtime Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14504 bytes

Thanks a lot!!
 
Forgot to mention, when I opened HijackThis and clicked scan, a window popped up:

"For some reason your system denies write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and Type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as 'hosts' (with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator.'"


I did right click and I don't see 'run as administrator'. I know I don't know anything about computers so please bear with me. Thanks.
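
Added example (not part of any post in this thread, and not HijackThis's own code): a short Python triage pass over entries copied from the HijackThis log posted above. It assumes that `\SysWOW64\` or `\Program Files (x86)\` paths indicate a 64-bit host, where the 32-bit HijackThis is redirected away from the real System32 and reports `(file missing)` for 64-bit-only binaries; the finding names and the AppInit_DLLs location heuristic are this example's own.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, C:\ProgramData\api-ms-win-core-misc-l1-1-032.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "O23 - Service: ..."
DRIVE_PATH_RE = re.compile(r" - ([A-Za-z]:\\.*)$")     # trailing field that is a full path
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str   # HijackThis section code, e.g. "O20"
    kind: str   # label chosen by this example
    path: str   # file the entry points at


def parse_entries(text):
    """Return (code, body) for each 'Xn - ...' entry; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_64bit_host(text):
    """These two directories exist only on 64-bit Windows installs."""
    low = text.lower()
    return "\\syswow64\\" in low or "\\program files (x86)\\" in low


def entry_path(body):
    """Extract the file path from an entry body, tolerating ' - ' inside the path."""
    if body.endswith(MISSING):
        body = body[: -len(MISSING)].rstrip()
    m = DRIVE_PATH_RE.search(body)          # leftmost ' - X:\' starts the path field
    return m.group(1) if m else body.rsplit(" - ", 1)[-1].strip()


def triage(text):
    """Flag AppInit DLLs outside the system directories and sort out 'file missing'."""
    wow64 = is_64bit_host(text)
    findings = []
    for code, body in parse_entries(text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Assumption: this log separates multiple DLLs with commas.
            for dll in body.split(":", 1)[1].split(","):
                dll = dll.strip()
                if dll and not SYSTEM_DIR_RE.match(dll):
                    findings.append(Finding(code, "appinit-outside-system", dll))
        elif body.endswith(MISSING):
            path = entry_path(body)
            # A 32-bit scanner on a 64-bit host cannot see the real System32.
            redirected = wow64 and SYSTEM32_RE.match(path) is not None
            kind = "missing-wow64-artifact" if redirected else "missing-unresolved"
            findings.append(Finding(code, kind, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.kind:<24} {f.path}")
```

A `missing-wow64-artifact` result only explains why the scanner could not see the file; confirm the file itself with a 64-bit tool before acting on the entry.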
 
If you don't see the run as admin, then push shift while left clicking on it. That will open the run as menu choice.
 
Hi, glad to see you made it here from annoyances.org. As long as you clicked on remove selected then that's good. However, I noticed you have been infected with the zero access rootkit. I'm at work right now and can't post any specific instructions at this time. I will be able to better help you this afternoon when I get home, which will be 1pm CST. The zero access infection can be difficult to fully remove. I just had to reinstall Windows on a client's PC just a couple days ago because it screwed up her internet connection. If you will be patient, I will get back to you this afternoon.
 
Sorry for not replying sooner. Came home not feeling the greatest and ate something hot.

I need to have you run some more steps.

Please download and run TDSSKiller.

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says it will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here:

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Thanks johnb35! I have to try this when I get back from work. I will keep you updated if I made some progress or failed. Hope you feel better and thanks for helping me.
 
Scanned with TDSSKiller and no threats found. I have to try the ComboFix later when I get back from work.

Log from TDSSKiller:

14:01:39.0017 2220 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
14:01:39.0404 2220 ============================================================
14:01:39.0404 2220 Current date / time: 2011/12/17 14:01:39.0404
14:01:39.0404 2220 SystemInfo:
14:01:39.0404 2220
14:01:39.0404 2220 OS Version: 6.1.7601 ServicePack: 1.0
14:01:39.0404 2220 Product type: Workstation
14:01:39.0405 2220 ComputerName: SCUFFY-PC
14:01:39.0405 2220 UserName: Scuffy
14:01:39.0405 2220 Windows directory: C:\Windows
14:01:39.0405 2220 System windows directory: C:\Windows
14:01:39.0405 2220 Running under WOW64
14:01:39.0405 2220 Processor architecture: Intel x64
14:01:39.0405 2220 Number of processors: 4
14:01:39.0405 2220 Page size: 0x1000
14:01:39.0405 2220 Boot type: Normal boot
14:01:39.0405 2220 ============================================================
14:01:39.0792 2220 Initialize success
14:01:41.0555 3436 ============================================================
14:01:41.0555 3436 Scan started
14:01:41.0555 3436 Mode: Manual;
14:01:41.0555 3436 ============================================================
14:01:45.0947 3436 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:01:45.0949 3436 flpydisk - ok
14:01:45.0996 3436 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:01:46.0001 3436 FltMgr - ok
14:01:46.0032 3436 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:01:46.0038 3436 FsDepends - ok
14:01:46.0074 3436 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:01:46.0076 3436 Fs_Rec - ok
14:01:46.0112 3436 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:01:46.0115 3436 fvevol - ok
14:01:46.0175 3436 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:01:46.0177 3436 gagp30kx - ok
14:01:46.0300 3436 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:01:46.0302 3436 hcw85cir - ok
14:01:46.0357 3436 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:01:46.0360 3436 HDAudBus - ok
14:01:46.0436 3436 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:01:46.0437 3436 HECIx64 - ok
14:01:46.0455 3436 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:01:46.0457 3436 HidBatt - ok
14:01:46.0476 3436 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:01:46.0479 3436 HidBth - ok
14:01:46.0515 3436 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:01:46.0517 3436 HidIr - ok
14:01:46.0559 3436 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:01:46.0604 3436 HidUsb - ok
14:01:46.0714 3436 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:01:46.0716 3436 HpSAMD - ok
14:01:46.0754 3436 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:01:46.0766 3436 HTTP - ok
14:01:46.0818 3436 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:01:46.0819 3436 hwpolicy - ok
14:01:46.0855 3436 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:01:46.0858 3436 i8042prt - ok
14:01:46.0906 3436 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:01:46.0913 3436 iaStor - ok
14:01:46.0952 3436 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:01:46.0958 3436 iaStorV - ok
14:01:47.0161 3436 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:01:47.0272 3436 igfx - ok
14:01:47.0388 3436 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:01:47.0390 3436 iirsp - ok
14:01:47.0432 3436 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
14:01:47.0435 3436 Impcd - ok
14:01:47.0516 3436 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) C:\Windows\system32\drivers\RTKVHD64.sys
14:01:47.0539 3436 IntcAzAudAddService - ok
14:01:47.0577 3436 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
14:01:47.0582 3436 IntcDAud - ok
14:01:47.0619 3436 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:01:47.0621 3436 intelide - ok
14:01:47.0653 3436 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:01:47.0654 3436 intelppm - ok
14:01:47.0733 3436 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:47.0735 3436 IpFilterDriver - ok
14:01:47.0773 3436 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:01:47.0776 3436 IPMIDRV - ok
14:01:47.0800 3436 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:01:47.0811 3436 IPNAT - ok
14:01:47.0853 3436 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:01:47.0854 3436 IRENUM - ok
14:01:47.0896 3436 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:01:47.0897 3436 isapnp - ok
14:01:47.0925 3436 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:01:47.0930 3436 iScsiPrt - ok
14:01:48.0016 3436 JMCR (08ed99a8271cf0b808c595d88ecee779) C:\Windows\system32\DRIVERS\jmcr.sys
14:01:48.0018 3436 JMCR - ok
14:01:48.0048 3436 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:01:48.0050 3436 kbdclass - ok
14:01:48.0077 3436 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:01:48.0079 3436 kbdhid - ok
14:01:48.0104 3436 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:01:48.0107 3436 KSecDD - ok
14:01:48.0156 3436 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:01:48.0159 3436 KSecPkg - ok
14:01:48.0173 3436 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:01:48.0175 3436 ksthunk - ok
14:01:48.0227 3436 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:01:48.0229 3436 lltdio - ok
14:01:48.0272 3436 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:01:48.0275 3436 LSI_FC - ok
14:01:48.0310 3436 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:01:48.0313 3436 LSI_SAS - ok
14:01:48.0361 3436 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:01:48.0363 3436 LSI_SAS2 - ok
14:01:48.0391 3436 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:01:48.0394 3436 LSI_SCSI - ok
14:01:48.0417 3436 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:01:48.0420 3436 luafv - ok
14:01:48.0516 3436 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:01:48.0518 3436 megasas - ok
14:01:48.0553 3436 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:01:48.0557 3436 MegaSR - ok
14:01:48.0601 3436 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
14:01:48.0603 3436 mfeapfk - ok
14:01:48.0638 3436 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
14:01:48.0641 3436 mfeavfk - ok
14:01:48.0660 3436 mfeavfk01 - ok
14:01:48.0725 3436 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
14:01:48.0730 3436 mfefirek - ok
14:01:48.0755 3436 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
14:01:48.0764 3436 mfehidk - ok
14:01:48.0781 3436 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
14:01:48.0782 3436 mfenlfk - ok
14:01:48.0798 3436 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
14:01:48.0800 3436 mferkdet - ok
14:01:48.0840 3436 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
14:01:48.0845 3436 mfewfpk - ok
14:01:48.0880 3436 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:01:48.0882 3436 Modem - ok
14:01:48.0908 3436 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:01:48.0910 3436 monitor - ok
14:01:48.0975 3436 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:01:48.0976 3436 mouclass - ok
14:01:49.0025 3436 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:01:49.0026 3436 mouhid - ok
14:01:49.0066 3436 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:01:49.0068 3436 mountmgr - ok
14:01:49.0128 3436 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:01:49.0132 3436 mpio - ok
14:01:49.0151 3436 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:01:49.0154 3436 mpsdrv - ok
14:01:49.0185 3436 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:01:49.0188 3436 MRxDAV - ok
14:01:49.0216 3436 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:49.0220 3436 mrxsmb - ok
14:01:49.0267 3436 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:49.0272 3436 mrxsmb10 - ok
14:01:49.0308 3436 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:49.0311 3436 mrxsmb20 - ok
14:01:49.0333 3436 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:01:49.0336 3436 msahci - ok
14:01:49.0358 3436 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:01:49.0362 3436 msdsm - ok
14:01:49.0399 3436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:01:49.0401 3436 Msfs - ok
14:01:49.0428 3436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:01:49.0430 3436 mshidkmdf - ok
14:01:49.0472 3436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:01:49.0473 3436 msisadrv - ok
14:01:49.0528 3436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:01:49.0530 3436 MSKSSRV - ok
14:01:49.0547 3436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:49.0549 3436 MSPCLOCK - ok
14:01:49.0563 3436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:01:49.0565 3436 MSPQM - ok
14:01:49.0605 3436 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:01:49.0611 3436 MsRPC - ok
14:01:49.0652 3436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:01:49.0653 3436 mssmbios - ok
14:01:49.0676 3436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:01:49.0678 3436 MSTEE - ok
14:01:49.0715 3436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:01:49.0717 3436 MTConfig - ok
14:01:49.0766 3436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:01:49.0767 3436 Mup - ok
14:01:49.0881 3436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:01:49.0886 3436 NativeWifiP - ok
14:01:49.0949 3436 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:01:49.0964 3436 NDIS - ok
14:01:49.0986 3436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:49.0988 3436 NdisCap - ok
14:01:50.0019 3436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:50.0022 3436 NdisTapi - ok
14:01:50.0059 3436 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:50.0061 3436 Ndisuio - ok
14:01:50.0108 3436 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:50.0111 3436 NdisWan - ok
14:01:50.0159 3436 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:01:50.0161 3436 NDProxy - ok
14:01:50.0177 3436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:01:50.0178 3436 NetBIOS - ok
14:01:50.0216 3436 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:01:50.0220 3436 NetBT - ok
14:01:50.0401 3436 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
14:01:50.0468 3436 NETw5s64 - ok
14:01:50.0532 3436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:01:50.0534 3436 nfrd960 - ok
14:01:50.0568 3436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:01:50.0569 3436 Npfs - ok
14:01:50.0588 3436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:01:50.0590 3436 nsiproxy - ok
14:01:50.0681 3436 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:01:50.0704 3436 Ntfs - ok
14:01:50.0726 3436 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:01:50.0727 3436 Null - ok
14:01:50.0769 3436 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:01:50.0771 3436 nusb3hub - ok
14:01:50.0801 3436 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:01:50.0804 3436 nusb3xhc - ok
14:01:50.0837 3436 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
14:01:50.0840 3436 NVHDA - ok
14:01:51.0065 3436 nvlddmkm (011f0596d167d073e6813ae88e7947a9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:01:51.0123 3436 nvlddmkm - ok
14:01:51.0225 3436 nvpciflt (2bcc53e4ba1acc9b63595c4ae7361ad3) C:\Windows\system32\DRIVERS\nvpciflt.sys
14:01:51.0226 3436 nvpciflt - ok
14:01:51.0274 3436 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:01:51.0277 3436 nvraid - ok
14:01:51.0331 3436 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:01:51.0335 3436 nvstor - ok
14:01:51.0382 3436 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:01:51.0385 3436 nv_agp - ok
14:01:51.0402 3436 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:01:51.0404 3436 ohci1394 - ok
14:01:51.0487 3436 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:01:51.0490 3436 Parport - ok
14:01:51.0527 3436 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:01:51.0529 3436 partmgr - ok
14:01:51.0655 3436 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
14:01:51.0657 3436 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
14:01:51.0694 3436 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:01:51.0697 3436 pci - ok
14:01:51.0731 3436 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:01:51.0733 3436 pciide - ok
14:01:51.0754 3436 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:01:51.0758 3436 pcmcia - ok
14:01:51.0794 3436 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:01:51.0795 3436 pcw - ok
14:01:51.0823 3436 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:01:51.0833 3436 PEAUTH - ok
14:01:51.0911 3436 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:01:51.0913 3436 PptpMiniport - ok
14:01:51.0927 3436 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:01:51.0930 3436 Processor - ok
14:01:51.0982 3436 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:01:51.0985 3436 Psched - ok
14:01:52.0040 3436 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
14:01:52.0041 3436 qicflt - ok
14:01:52.0093 3436 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:01:52.0116 3436 ql2300 - ok
14:01:52.0134 3436 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:01:52.0136 3436 ql40xx - ok
14:01:52.0152 3436 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:01:52.0153 3436 QWAVEdrv - ok
14:01:52.0174 3436 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:01:52.0176 3436 RasAcd - ok
14:01:52.0207 3436 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:52.0209 3436 RasAgileVpn - ok
14:01:52.0265 3436 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:52.0268 3436 Rasl2tp - ok
14:01:52.0287 3436 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:52.0290 3436 RasPppoe - ok
14:01:52.0304 3436 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:01:52.0307 3436 RasSstp - ok
14:01:52.0376 3436 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:01:52.0381 3436 rdbss - ok
14:01:52.0417 3436 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:01:52.0419 3436 rdpbus - ok
14:01:52.0434 3436 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:52.0436 3436 RDPCDD - ok
14:01:52.0468 3436 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:01:52.0469 3436 RDPENCDD - ok
14:01:52.0510 3436 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:01:52.0513 3436 RDPREFMP - ok
14:01:52.0546 3436 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:01:52.0551 3436 RDPWD - ok
14:01:52.0597 3436 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:01:52.0600 3436 rdyboost - ok
14:01:52.0679 3436 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:01:52.0682 3436 RFCOMM - ok
14:01:52.0708 3436 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:01:52.0710 3436 rspndr - ok
14:01:52.0746 3436 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:01:52.0750 3436 RTL8167 - ok
14:01:52.0846 3436 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:01:52.0847 3436 SASDIFSV - ok
14:01:52.0866 3436 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:01:52.0867 3436 SASKUTIL - ok
14:01:52.0907 3436 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:01:52.0914 3436 sbp2port - ok
14:01:52.0960 3436 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:01:52.0961 3436 scfilter - ok
14:01:53.0000 3436 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
14:01:53.0003 3436 sdbus - ok
14:01:53.0110 3436 SDHookDriver (d13f1f73269f28ce813ae0c64176b78d) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
14:01:53.0111 3436 SDHookDriver - ok
14:01:53.0181 3436 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:01:53.0183 3436 secdrv - ok
14:01:53.0223 3436 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:01:53.0224 3436 Serenum - ok
14:01:53.0243 3436 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:01:53.0246 3436 Serial - ok
14:01:53.0303 3436 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:01:53.0305 3436 sermouse - ok
14:01:53.0341 3436 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:01:53.0342 3436 sffdisk - ok
14:01:53.0357 3436 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:01:53.0358 3436 sffp_mmc - ok
14:01:53.0374 3436 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:01:53.0375 3436 sffp_sd - ok
14:01:53.0443 3436 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:01:53.0445 3436 sfloppy - ok
14:01:53.0492 3436 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
14:01:53.0500 3436 Sftfs - ok
14:01:53.0568 3436 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:01:53.0572 3436 Sftplay - ok
14:01:53.0588 3436 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:01:53.0589 3436 Sftredir - ok
14:01:53.0605 3436 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
14:01:53.0606 3436 Sftvol - ok
14:01:53.0663 3436 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:01:53.0665 3436 SiSRaid2 - ok
14:01:53.0689 3436 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:01:53.0691 3436 SiSRaid4 - ok
14:01:53.0724 3436 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:01:53.0726 3436 Smb - ok
14:01:53.0762 3436 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:01:53.0764 3436 spldr - ok
14:01:53.0809 3436 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:01:53.0817 3436 srv - ok
14:01:53.0843 3436 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:01:53.0847 3436 srv2 - ok
14:01:53.0866 3436 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:01:53.0868 3436 srvnet - ok
14:01:53.0910 3436 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
14:01:53.0911 3436 stdcfltn - ok
14:01:53.0946 3436 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:01:53.0948 3436 stexstor - ok
14:01:53.0995 3436 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:01:53.0996 3436 swenum - ok
14:01:54.0053 3436 SynTP (36f506c894e1ea59c65faf6398bdf49a) C:\Windows\system32\DRIVERS\SynTP.sys
14:01:54.0068 3436 SynTP - ok
14:01:54.0146 3436 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
14:01:54.0173 3436 Tcpip - ok
14:01:54.0223 3436 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
14:01:54.0237 3436 TCPIP6 - ok
14:01:54.0287 3436 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:01:54.0289 3436 tcpipreg - ok
14:01:54.0320 3436 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:01:54.0322 3436 TDPIPE - ok
14:01:54.0344 3436 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:01:54.0346 3436 TDTCP - ok
14:01:54.0379 3436 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:01:54.0382 3436 tdx - ok
14:01:54.0428 3436 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:01:54.0430 3436 TermDD - ok
14:01:54.0480 3436 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:54.0481 3436 tssecsrv - ok
14:01:54.0532 3436 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:01:54.0534 3436 TsUsbFlt - ok
14:01:54.0582 3436 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:01:54.0585 3436 tunnel - ok
14:01:54.0623 3436 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
14:01:54.0624 3436 TurboB - ok
14:01:54.0660 3436 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:01:54.0662 3436 uagp35 - ok
14:01:54.0700 3436 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:01:54.0704 3436 udfs - ok
14:01:54.0727 3436 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:01:54.0729 3436 uliagpkx - ok
14:01:54.0765 3436 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:01:54.0767 3436 umbus - ok
14:01:54.0801 3436 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:01:54.0803 3436 UmPass - ok
14:01:54.0834 3436 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:54.0836 3436 usbccgp - ok
14:01:54.0894 3436 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:01:54.0896 3436 usbcir - ok
14:01:54.0914 3436 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:01:54.0916 3436 usbehci - ok
14:01:54.0944 3436 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:01:54.0949 3436 usbhub - ok
14:01:54.0967 3436 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:01:54.0969 3436 usbohci - ok
14:01:55.0030 3436 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:01:55.0032 3436 usbprint - ok
14:01:55.0072 3436 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:01:55.0074 3436 usbscan - ok
14:01:55.0098 3436 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:01:55.0147 3436 USBSTOR - ok
14:01:55.0167 3436 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:01:55.0168 3436 usbuhci - ok
14:01:55.0192 3436 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:01:55.0196 3436 usbvideo - ok
14:01:55.0239 3436 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:01:55.0240 3436 vdrvroot - ok
14:01:55.0276 3436 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:55.0278 3436 vga - ok
14:01:55.0300 3436 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:01:55.0302 3436 VgaSave - ok
14:01:55.0336 3436 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:01:55.0340 3436 vhdmp - ok
14:01:55.0367 3436 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:01:55.0369 3436 viaide - ok
14:01:55.0401 3436 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:01:55.0403 3436 volmgr - ok
14:01:55.0470 3436 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:01:55.0477 3436 volmgrx - ok
14:01:55.0518 3436 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:01:55.0523 3436 volsnap - ok
14:01:55.0564 3436 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:01:55.0568 3436 vsmraid - ok
14:01:55.0592 3436 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:01:55.0593 3436 vwifibus - ok
14:01:55.0621 3436 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:01:55.0624 3436 vwififlt - ok
14:01:55.0662 3436 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:01:55.0663 3436 vwifimp - ok
14:01:55.0705 3436 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:01:55.0706 3436 WacomPen - ok
14:01:55.0753 3436 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:55.0755 3436 WANARP - ok
14:01:55.0762 3436 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:01:55.0764 3436 Wanarpv6 - ok
14:01:55.0835 3436 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:01:55.0836 3436 Wd - ok
14:01:55.0864 3436 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:01:55.0871 3436 Wdf01000 - ok
14:01:55.0916 3436 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
14:01:55.0918 3436 wdkmd - ok
14:01:55.0997 3436 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:55.0998 3436 WfpLwf - ok
14:01:56.0074 3436 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
14:01:56.0078 3436 WimFltr - ok
14:01:56.0105 3436 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:01:56.0109 3436 WIMMount - ok
14:01:56.0211 3436 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:56.0213 3436 WinUsb - ok
14:01:56.0271 3436 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:01:56.0273 3436 WmiAcpi - ok
14:01:56.0307 3436 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:01:56.0309 3436 ws2ifsl - ok
14:01:56.0347 3436 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:01:56.0349 3436 WudfPf - ok
14:01:56.0372 3436 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:56.0376 3436 WUDFRd - ok
14:01:56.0425 3436 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:01:56.0461 3436 \Device\Harddisk0\DR0 - ok
14:01:56.0465 3436 Boot (0x1200) (df589a791d97731cb3862355e99b411e) \Device\Harddisk0\DR0\Partition0
14:01:56.0466 3436 \Device\Harddisk0\DR0\Partition0 - ok
14:01:56.0479 3436 Boot (0x1200) (301a8e98bd808bb60594b10e31b70270) \Device\Harddisk0\DR0\Partition1
14:01:56.0481 3436 \Device\Harddisk0\DR0\Partition1 - ok
14:01:56.0481 3436 ============================================================
14:01:56.0481 3436 Scan finished
14:01:56.0481 3436 ============================================================
14:01:56.0496 6224 Detected object count: 0
14:01:56.0496 6224 Actual detected object count: 0
14:04:14.0208 5608 Deinitialize success
 
Tried running ComboFix but no luck.

First I turned off the McAfee antivirus and disabled the SUPERAntiSpyware, and when I opened ComboFix it said that my antivirus is still on and I have antispyware. I ran ComboFix anyway and a window popped up that said "stopped working" or something. So I went and uninstalled the antispyware and McAfee. I opened ComboFix and it said the same thing, that I have McAfee and antispyware, when I had just uninstalled both of them. I continued anyway and ComboFix still stopped working.

I wanted to uninstall the ComboFix and install it again but I can't find the program from my list of installed programs. :(
 
I ran ComboFix in Safe Mode. The fake antivirus popped up again this morning. :mad:

Log from ComboFix

ComboFix 11-12-17.05 - Scuffy 12/18/2011 11:42:02.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5876.4665 [GMT -8:00]
Running from: c:\users\Scuffy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scuffy\AppData\Local\fro.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-20 21:25 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-12-18 19:45 . 2011-12-18 19:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-18 19:45 . 2011-12-18 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 09:42 . 2011-12-18 09:42 -------- d-----w- c:\program files (x86)\McAfee.com
2011-12-18 09:42 . 2011-10-15 21:16 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-12-18 09:42 . 2011-10-15 21:16 75808 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-12-18 09:42 . 2011-10-15 21:16 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-12-18 09:42 . 2011-10-15 21:16 481768 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-12-18 09:42 . 2011-10-15 21:16 284648 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-12-18 09:42 . 2011-10-15 21:16 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-18 09:42 . 2011-10-15 21:16 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-18 09:42 . 2011-12-18 09:42 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-18 09:42 . 2011-12-18 09:43 -------- d-----w- c:\program files\McAfee
2011-12-18 09:33 . 2011-10-18 22:32 161168 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-17 09:59 . 2011-12-17 09:59 388096 ----a-r- c:\users\Scuffy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-17 09:59 . 2011-12-17 09:59 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-17 09:07 . 2011-12-17 09:07 -------- d-----w- c:\users\Scuffy\AppData\Roaming\Malwarebytes
2011-12-17 09:07 . 2011-12-17 09:07 -------- d-----w- c:\programdata\Malwarebytes
2011-12-17 09:07 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 09:07 . 2011-12-18 09:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-14 20:27 . 2011-12-18 09:19 -------- d-----w- c:\users\Scuffy\AppData\Local\CrashDumps
2011-12-03 06:02 . 2011-12-03 06:03 -------- d-----w- c:\program files (x86)\xfin_portal
2011-12-02 19:03 . 2011-12-02 19:03 -------- d-----w- c:\users\Scuffy\AppData\Roaming\Tific
2011-12-02 19:03 . 2011-12-02 19:03 -------- d-----w- c:\users\Scuffy\AppData\Local\Symantec
2011-12-02 19:00 . 2011-12-03 06:27 -------- d-----w- c:\programdata\Norton
2011-12-02 18:53 . 2011-12-03 06:38 -------- d-----w- c:\users\Scuffy\AppData\Local\ID Vault
2011-12-02 18:53 . 2011-12-02 18:53 -------- d-----w- c:\programdata\IsolatedStorage
2011-12-02 18:52 . 2011-12-03 06:38 -------- d-----w- c:\users\Scuffy\AppData\Roaming\ID Vault
2011-12-02 18:52 . 2011-12-02 18:52 -------- d-----w- c:\program files (x86)\Common Files\scanner
2011-12-02 18:52 . 2011-12-02 18:52 -------- d-----w- c:\program files (x86)\comcasttb
2011-12-02 18:52 . 2011-12-02 18:52 -------- d-----w- c:\program files (x86)\CA
2011-12-02 18:52 . 2011-12-02 18:52 -------- d-----w- c:\windows\Downloaded Installations
2011-12-02 18:51 . 2011-12-03 06:39 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2011-12-02 18:51 . 2011-12-02 18:51 -------- d-----w- c:\programdata\White Sky, Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 18:18 . 2011-06-20 10:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 21:16 . 2011-03-13 19:20 647080 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-15 21:16 . 2011-03-13 19:20 160280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-09-21 21:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-21 21:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-17 1674896]
.
c:\users\Scuffy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-08-04 48888]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-12 1620584]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-08-04 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-08-04 1082800]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-08-04 1149864]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-12 235624]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-06-30 2533400]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-10-06 25072]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-08-04 169624]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-09-23 23:18]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 07:29]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-08 07:29]
.
2011-12-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
2011-12-18 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-09-23 23:17]
.
2011-12-18 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-09-23 23:17]
.
2011-12-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-08-12 283240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-02 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-02 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-08-04 3206816]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=cgps12022011
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.87.69.150 68.87.85.102
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-18 11:47:23
ComboFix-quarantined-files.txt 2011-12-18 19:47
.
Pre-Run: 580,507,078,656 bytes free
Post-Run: 580,191,547,392 bytes free
.
- - End Of File - - 604EEA95F630D50FAE5D77EC9888565F
 
If you are still getting the popup, I need you to do the following. Download and run Rkill; this is a renamed version of Rkill.

http://download.bleepingcomputer.com/grinler/iExplore.exe

After running, it should pop up with a log of what processes it killed, if it found anything. Then I need you to open Malwarebytes, click on the Update tab, click on Check for Updates, and let it update. Then rescan your system using a quick scan and post both logs.
 
If it isn't showing up, it may be the work of the virus. Either way, you'll be able to know if it came back by running the scans again. If you scan, then it removes stuff, then you reboot, and the stuff was removed again, you may have a problem. After everything is said and done, you should be able to run your scans and see nothing was found. If you aren't getting empty scans at the end, you have a problem.
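The recurrence check described in the reply above, as an added example that is not part of the original thread: it compares the detections in two Malwarebytes text logs (the layout posted at the top of this thread) and lists anything reported in both scans. The function names and both sample logs are constructed for illustration.

```python
import re

# Detail-section headings as they appear in a Malwarebytes' Anti-Malware 1.x text log.
SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)

# "<object> (<detection name>) -> <action taken>."
# The object may itself contain parentheses, e.g. "Program Files (x86)".
ITEM = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> .+$")


def detections(log_text):
    """Return {(section, object_lowercased, detection_name)} for one log."""
    found, section = set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        # Detail headings end in ':'; the summary lines end in a count instead.
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = ITEM.match(line)
        if m:
            # Windows paths and registry keys are case-insensitive.
            found.add((section, m.group("obj").lower(), m.group("name")))
    return found


def recurring(before_log, after_log):
    """Detections present in both scans: removed once, then found again."""
    return sorted(detections(before_log) & detections(after_log))


# Constructed sample logs (not taken from the thread).
SCAN_BEFORE = r"""
Registry Keys Infected: 0
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\users\example\AppData\Local\abc.exe (Rogue.Example) -> Quarantined and deleted successfully.
c:\users\example\Downloads\setup (1).exe (PUP.Example) -> Quarantined and deleted successfully.
"""

SCAN_AFTER_REBOOT = r"""
Files Infected: 1

Files Infected:
C:\Users\Example\AppData\Local\abc.exe (Rogue.Example) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for section, obj, name in recurring(SCAN_BEFORE, SCAN_AFTER_REBOOT):
        print(f"came back after removal: [{section}] {obj} ({name})")
```

An empty result across two scans separated by a reboot matches the "empty scans at the end" outcome described above; any entry it prints is an object that something on the system recreated after removal.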
 