Three day old laptop has bios malware?

It was a disaster, Dave. Repair was slooow, system restore gave error msg 0800700b7, it rebooted
in the middle of restore, then wouldn't recognize the flash drive. I did do a scan in windows, if that
would do any good. Here's a new ComboFix file FWIW:

ComboFix 12-11-27.01 - Norm 2 12/01/2012   9:35.10.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6429 [GMT -8:00]
Running from: c:\users\Norm 2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1354379020.bdinstall.bin
c:\users\Norm 2\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-01 to 2012-12-01  )))))))))))))))))))))))))))))))
.
.
2012-12-01 17:40 . 2012-12-01 17:40   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-12-01 17:14 . 2010-10-04 21:02   53248   ----a-w-   c:\windows\SysWow64\CSVer.dll
2012-12-01 16:52 . 2012-12-01 16:51   972264   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BA8C9AF-6C65-4D17-9847-45A30348F0BF}\gapaengine.dll
2012-12-01 16:51 . 2012-11-08 17:24   9125352   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7B37FF-777F-4996-ABAB-34DE0061EAC1}\mpengine.dll
2012-12-01 16:45 . 2012-12-01 16:45   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2012-12-01 16:45 . 2012-12-01 16:46   --------   d-----w-   c:\program files\Microsoft Security Client
2012-12-01 16:37 . 2012-11-19 09:01   9125352   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{06F992C3-3D7B-45EC-A587-B0F1E84849D2}\mpengine.dll
2012-12-01 16:07 . 2012-12-01 16:07   --------   d-----w-   c:\programdata\Citrix
2012-12-01 16:06 . 2012-12-01 16:06   --------   d-----w-   c:\program files (x86)\Citrix
2012-12-01 05:46 . 2012-12-01 06:00   4096000   ----a-w-   c:\program files (x86)\GUTAF42.tmp
2012-12-01 04:56 . 2012-12-01 05:05   --------   d-----w-   C:\FRST
2012-11-30 02:12 . 2012-11-30 02:12   --------   d-----w-   C:\AV Tools
2012-11-30 02:12 . 2012-11-30 02:12   --------   d-----w-   C:\httpdownload.comodo.comlps4lps-gb-x86.msi
2012-11-29 00:35 . 2012-11-29 00:35   --------   d-----w-   c:\programdata\CPA_VA
2012-11-29 00:27 . 2012-12-01 16:31   --------   d-----w-   c:\programdata\Comodo
2012-11-29 00:26 . 2012-12-01 16:43   --------   d-----w-   c:\program files (x86)\Comodo
2012-11-29 00:26 . 2012-11-29 00:26   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2012-11-29 00:26 . 2012-11-29 00:26   1700352   ----a-w-   c:\windows\SysWow64\gdiplus.dll
2012-11-29 00:26 . 2012-11-29 00:26   1060864   ----a-w-   c:\windows\SysWow64\mfc71.dll
2012-11-28 20:20 . 2012-11-28 20:24   --------   d-----w-   C:\Rooter$
2012-11-27 18:53 . 2012-11-27 18:54   309320   ----a-w-   c:\windows\SysWow64\drivers\TrufosAlt.sys
2012-11-27 18:53 . 2012-11-27 18:54   287304   ----a-w-   c:\windows\system32\drivers\TrufosAlt.sys
2012-11-27 15:58 . 2012-12-01 15:53   --------   d-----w-   c:\program files\CCleaner
2012-11-27 15:24 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-27 15:24 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2012-11-27 15:24 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2012-11-27 15:24 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2012-11-27 06:44 . 2012-11-27 07:02   --------   d-----w-   C:\bd_logs
2012-11-27 02:43 . 2012-07-06 20:07   552960   ----a-w-   c:\windows\system32\drivers\bthport.sys
2012-11-27 02:43 . 2011-04-28 03:54   80384   ----a-w-   c:\windows\system32\drivers\BTHUSB.SYS
2012-11-27 02:41 . 2011-03-11 04:37   91648   ----a-w-   c:\windows\system32\drivers\USBSTOR.SYS
2012-11-26 23:12 . 2012-11-26 23:12   27136   ----a-w-   c:\windows\system32\bddel.exe
2012-11-26 22:34 . 2012-12-01 15:39   --------   d-----w-   c:\programdata\Malwarebytes
2012-11-26 21:00 . 2012-12-01 15:39   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-11-26 19:42 . 2012-12-01 15:54   --------   d-----w-   c:\windows\SysWow64\Wat
2012-11-26 19:42 . 2012-12-01 15:54   --------   d-----w-   c:\windows\system32\Wat
2012-11-26 16:31 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
2012-11-26 16:31 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2012-11-26 16:31 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2012-11-26 16:31 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
2012-11-26 16:31 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
2012-11-26 16:31 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2012-11-26 16:31 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2012-11-26 16:22 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-11-26 16:22 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-11-26 16:22 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-11-26 16:22 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-11-26 16:22 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-11-26 01:23 . 2012-12-01 15:38   --------   d-----w-   c:\program files\Intel Corporation
2012-11-25 17:41 . 2012-11-25 18:00   --------   d-----w-   c:\programdata\HitmanPro
2012-11-25 16:45 . 2012-11-25 16:45   --------   d-----w-   c:\program files\Windows Live
2012-11-25 16:44 . 2012-11-25 16:44   --------   d-----w-   c:\windows\PCHEALTH
2012-11-25 16:44 . 2012-12-01 15:53   --------   d-----w-   c:\program files (x86)\Windows Live
2012-11-25 16:36 . 2012-11-25 16:36   --------   d-----w-   c:\program files (x86)\Microsoft.NET
2012-11-25 16:25 . 2012-12-01 15:35   --------   d-----w-   c:\program files (x86)\Common Files\Windows Live
2012-11-25 15:40 . 2012-11-25 15:40   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-25 15:40 . 2012-11-25 15:40   697272   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 15:40 . 2012-11-25 15:40   --------   d-----w-   c:\windows\SysWow64\Macromed
2012-11-25 15:40 . 2012-11-25 15:40   --------   d-----w-   c:\windows\system32\Macromed
2012-11-25 15:29 . 2012-11-25 15:29   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2012-11-25 15:21 . 2011-03-11 06:34   1359872   ----a-w-   c:\windows\system32\mfc42u.dll
2012-11-25 15:20 . 2012-10-03 17:56   1914248   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-11-25 15:19 . 2012-05-01 05:40   209920   ----a-w-   c:\windows\system32\profsvc.dll
2012-11-25 15:18 . 2012-03-17 07:58   75120   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-11-25 15:17 . 2011-10-15 06:31   723456   ----a-w-   c:\windows\system32\EncDec.dll
2012-11-25 15:09 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-11-25 15:09 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-11-25 15:09 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-11-25 15:06 . 2012-02-11 06:43   751104   ----a-w-   c:\windows\system32\win32spl.dll
2012-11-25 15:06 . 2012-02-11 06:36   559104   ----a-w-   c:\windows\system32\spoolsv.exe
2012-11-25 15:06 . 2012-02-11 06:36   67072   ----a-w-   c:\windows\splwow64.exe
2012-11-25 15:06 . 2012-02-11 05:43   492032   ----a-w-   c:\windows\SysWow64\win32spl.dll
2012-11-25 15:05 . 2011-11-17 06:41   1731920   ----a-w-   c:\windows\system32\ntdll.dll
2012-11-25 15:05 . 2011-11-17 05:38   1292080   ----a-w-   c:\windows\SysWow64\ntdll.dll
2012-11-25 15:05 . 2012-06-02 05:41   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-11-25 15:05 . 2012-06-02 05:41   140288   ----a-w-   c:\windows\system32\cryptnet.dll
2012-11-25 15:05 . 2012-06-02 05:41   1464320   ----a-w-   c:\windows\system32\crypt32.dll
2012-11-25 15:05 . 2012-06-02 04:36   1159680   ----a-w-   c:\windows\SysWow64\crypt32.dll
2012-11-25 15:05 . 2012-06-02 04:36   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2012-11-25 15:05 . 2012-06-02 04:36   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2012-11-25 15:03 . 2011-11-19 14:58   77312   ----a-w-   c:\windows\system32\packager.dll
2012-11-25 15:03 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\SysWow64\packager.dll
2012-11-25 15:01 . 2012-11-25 15:01   --------   d-----w-   c:\program files (x86)\GUMED0C.tmp
2012-11-25 14:53 . 2012-12-01 15:53   --------   d-----w-   c:\program files\Google
2012-11-25 14:52 . 2012-11-25 14:52   --------   d-----w-   c:\program files (x86)\GUM3F2D.tmp
2012-11-25 14:52 . 2012-12-01 15:53   --------   d-----w-   c:\program files (x86)\Google
2012-11-25 14:46 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-11-25 14:46 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-11-25 14:46 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-11-25 14:46 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-11-25 14:46 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-11-25 14:46 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-11-25 14:46 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-11-25 14:46 . 2012-06-02 23:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-11-25 14:46 . 2012-06-02 23:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-11-25 14:03 . 2012-12-01 15:54   --------   d--h--w-   c:\windows\system32\WLANProfiles
2012-11-25 14:03 . 2012-11-25 14:03   --------   d-----w-   c:\users\Public\Roaming
2012-11-25 14:03 . 2012-11-25 14:03   --------   d-----w-   c:\users\Default\Roaming
2012-11-25 14:01 . 2012-12-01 15:53   --------   d-----w-   c:\program files\Common Files\Intel
2012-11-25 14:01 . 2012-11-25 14:01   --------   d-----w-   c:\program files (x86)\Cisco
2012-11-25 13:59 . 2012-11-25 13:59   --------   d-----w-   c:\program files\Dell
2012-11-25 03:48 . 2012-12-01 15:53   --------   d-----w-   C:\System Recovery
2012-11-25 03:47 . 2012-12-01 15:53   --------   d-----w-   C:\Emergency
2012-11-25 02:12 . 2012-11-25 02:12   --------   d-----w-   c:\programdata\SupportSoft
2012-11-25 02:12 . 2012-11-25 02:12   --------   d-----w-   c:\programdata\PCDr
2012-11-25 02:12 . 2012-11-25 02:12   --------   d-----w-   c:\program files (x86)\Dell Support Center
2012-11-25 02:12 . 2012-11-25 02:12   --------   d-----w-   c:\program files (x86)\Common Files\supportsoft
2012-11-25 02:12 . 2012-11-25 13:59   --------   d-----w-   c:\programdata\Dell
2012-11-25 02:09 . 2009-09-04 17:24   41280   ----a-w-   c:\windows\system32\drivers\PCASp50a64.sys
2012-11-25 02:09 . 2012-12-01 15:53   --------   d-----w-   c:\program files (x86)\Common Files\Telespree
2012-11-25 02:09 . 2012-11-25 02:09   --------   d-----w-   c:\program files (x86)\Verizon Wireless
2012-11-25 02:09 . 2012-11-25 02:09   --------   d-----w-   c:\program files (x86)\Telespree
2012-11-25 02:09 . 2012-11-25 02:09   --------   d-----w-   c:\programdata\Novatel Wireless
2012-11-25 02:09 . 2012-11-25 02:09   --------   d-----w-   c:\programdata\AT&T
2012-11-25 02:09 . 2012-11-25 02:09   --------   d-----w-   c:\program files (x86)\Novatel Wireless
2012-11-25 02:09 . 2012-11-25 02:09   --------   d-----w-   c:\program files (x86)\AT&T
2012-11-25 02:05 . 2012-12-01 17:14   --------   d-----w-   c:\program files (x86)\Intel
2012-11-25 02:00 . 2012-11-25 02:00   --------   d-----w-   c:\windows\SysWow64\RTCOM
2012-11-25 02:00 . 2012-11-25 02:00   --------   d-----w-   c:\program files\Realtek
2012-11-25 00:58 . 2012-12-01 15:39   --------   d-----w-   c:\programdata\Intel
2012-11-25 00:57 . 2012-11-25 14:04   --------   d-----w-   c:\program files\Intel
2012-11-24 23:57 . 2012-11-25 02:08   --------   d-----w-   c:\program files (x86)\Dell
2012-11-24 23:57 . 2012-11-24 23:57   --------   d-----w-   c:\windows\SysWow64\vmm32
2012-11-24 22:45 . 2012-11-24 22:45   --------   d-----w-   c:\programdata\BDLogging
2012-11-24 22:45 . 2009-07-15 00:21   1721576   ----a-w-   c:\windows\system32\WdfCoInstaller01009.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2012-11-27 23:29   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:29   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:29   561664   ----a-w-   c:\windows\apppatch\AcLayers.dll
2012-10-10 10:22 . 2012-10-10 10:22   80384   ----a-w-   c:\windows\system32\igdde64.dll
2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrtrk.lrc
2012-10-10 10:22 . 2012-10-10 10:22   216064   ----a-w-   c:\windows\system32\iglhcp64.dll
2012-10-10 10:22 . 2012-10-10 10:22   180224   ----a-w-   c:\windows\SysWow64\iglhcp32.dll
2012-10-10 10:22 . 2012-10-10 10:22   5903392   ----a-w-   c:\windows\system32\GfxUI.exe
2012-10-10 10:22 . 2012-10-10 10:22   519680   ----a-w-   c:\windows\SysWow64\iglhsip32.dll
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrdeu.lrc
2012-10-10 10:22 . 2012-10-10 10:22   438272   ----a-w-   c:\windows\system32\igfxrhun.lrc
2012-10-10 10:22 . 2012-10-10 10:22   3776512   ----a-w-   c:\windows\SysWow64\igfxcmjit32.dll
2012-10-10 10:22 . 2012-10-10 10:22   10673664   ----a-w-   c:\windows\SysWow64\ig4icd32.dll
2012-10-10 10:22 . 2012-10-10 10:22   64512   ----a-w-   c:\windows\SysWow64\igdde32.dll
2012-10-10 10:22 . 2012-10-10 10:22   501760   ----a-w-   c:\windows\system32\igfxcmrt64.dll
2012-10-10 10:22 . 2012-10-10 10:22   439296   ----a-w-   c:\windows\system32\igfxrrus.lrc
2012-10-10 10:22 . 2012-10-10 10:22   431104   ----a-w-   c:\windows\system32\igfxrkor.lrc
2012-10-10 10:22 . 2012-10-10 10:22   410624   ----a-w-   c:\windows\system32\igfxTMM.dll
2012-10-10 10:22 . 2012-10-10 10:22   12836864   ----a-w-   c:\windows\system32\igd10umd64.dll
2012-10-10 10:22 . 2012-10-10 10:22   110592   ----a-w-   c:\windows\system32\hccutils.dll
2012-10-10 10:22 . 2012-10-10 10:22   330240   ----a-w-   c:\windows\SysWow64\igfxdv32.dll
2012-10-10 10:22 . 2012-10-10 10:22   12604416   ----a-w-   c:\windows\system32\igdumd64.dll
2012-10-10 10:22 . 2012-10-10 10:22   441888   ----a-w-   c:\windows\system32\igfxpers.exe
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrhrv.lrc
2012-10-10 10:22 . 2012-10-10 10:22   438272   ----a-w-   c:\windows\system32\igfxrcsy.lrc
2012-10-10 10:22 . 2012-10-10 10:22   25088   ----a-w-   c:\windows\SysWow64\igfxexps32.dll
2012-10-10 10:22 . 2012-10-10 10:22   9007616   ----a-w-   c:\windows\system32\igfxress.dll
2012-10-10 10:22 . 2012-10-10 10:22   63488   ----a-w-   c:\windows\system32\igfxsrvc.dll
2012-10-10 10:22 . 2012-10-10 10:22   5343584   ----a-w-   c:\windows\system32\drivers\igdkmd64.sys
2012-10-10 10:22 . 2012-10-10 10:22   448512   ----a-w-   c:\windows\SysWow64\igfx11cmrt32.dll
2012-10-10 10:22 . 2012-10-10 10:22   441856   ----a-w-   c:\windows\system32\igfxdev.dll
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrnld.lrc
2012-10-10 10:22 . 2012-10-10 10:22   399392   ----a-w-   c:\windows\system32\hkcmd.exe
2012-10-10 10:22 . 2012-10-10 10:22   272928   ----a-w-   c:\windows\system32\igvpkrng600.bin
2012-10-10 10:22 . 2012-10-10 10:22   126976   ----a-w-   c:\windows\system32\igfxcpl.cpl
2012-10-10 10:22 . 2012-10-10 10:22   116224   ----a-w-   c:\windows\system32\igfxCoIn_v2867.dll
2012-10-10 10:22 . 2012-10-10 10:22   604160   ----a-w-   c:\windows\SysWow64\igfxcmrt32.dll
2012-10-10 10:22 . 2012-10-10 10:22   4571136   ----a-w-   c:\windows\system32\igfxcmjit64.dll
2012-10-10 10:22 . 2012-10-10 10:22   439808   ----a-w-   c:\windows\system32\igfxresn.lrc
2012-10-10 10:22 . 2012-10-10 10:22   439296   ----a-w-   c:\windows\system32\igfxrrom.lrc
2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrsve.lrc
2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrslv.lrc
2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrnor.lrc
2012-10-10 10:22 . 2012-10-10 10:22   437248   ----a-w-   c:\windows\system32\igfxrdan.lrc
2012-10-10 10:22 . 2012-10-10 10:22   277024   ----a-w-   c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-10-10 10:22 . 2012-10-10 10:22   185376   ----a-w-   c:\windows\system32\difx64.exe
2012-10-10 10:22 . 2012-10-10 10:22   173568   ----a-w-   c:\windows\system32\gfxSrvc.dll
2012-10-10 10:22 . 2012-10-10 10:22   12887040   ----a-w-   c:\windows\system32\ig4icd64.dll
2012-10-10 10:22 . 2012-10-10 10:22   435712   ----a-w-   c:\windows\system32\igfxrheb.lrc
2012-10-10 10:22 . 2012-10-10 10:22   429056   ----a-w-   c:\windows\system32\igfxrcht.lrc
2012-10-10 10:22 . 2012-10-10 10:22   171040   ----a-w-   c:\windows\system32\igfxtray.exe
2012-10-10 10:22 . 2012-10-10 10:22   11158528   ----a-w-   c:\windows\SysWow64\igd10umd32.dll
2012-10-10 10:22 . 2012-10-10 10:22   94208   ----a-w-   c:\windows\system32\IccLibDll_x64.dll
2012-10-10 10:22 . 2012-10-10 10:22   509984   ----a-w-   c:\windows\system32\igfxsrvc.exe
2012-10-10 10:22 . 2012-10-10 10:22   440320   ----a-w-   c:\windows\system32\igfxrell.lrc
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrptg.lrc
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrplk.lrc
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrita.lrc
2012-10-10 10:22 . 2012-10-10 10:22   438272   ----a-w-   c:\windows\system32\igfxrfin.lrc
2012-10-10 10:22 . 2012-10-10 10:22   437248   ----a-w-   c:\windows\system32\igfxrtha.lrc
2012-10-10 10:22 . 2012-10-10 10:22   428544   ----a-w-   c:\windows\system32\igfxrchs.lrc
2012-10-10 10:22 . 2012-10-10 10:22   286208   ----a-w-   c:\windows\system32\igfxrenu.lrc
2012-10-10 10:22 . 2012-10-10 10:22   142336   ----a-w-   c:\windows\system32\igfxdo.dll
2012-10-10 10:22 . 2012-10-10 10:22   963452   ----a-w-   c:\windows\system32\igcodeckrng600.bin
2012-10-10 10:22 . 2012-10-10 10:22   482304   ----a-w-   c:\windows\system32\igfx11cmrt64.dll
2012-10-10 10:22 . 2012-10-10 10:22   386048   ----a-w-   c:\windows\system32\igfxpph.dll
2012-10-10 10:22 . 2012-10-10 10:22   524800   ----a-w-   c:\windows\system32\iglhsip64.dll
2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrsky.lrc
2012-10-10 10:22 . 2012-10-10 10:22   435712   ----a-w-   c:\windows\system32\igfxrara.lrc
2012-10-10 10:22 . 2012-10-10 10:22   432128   ----a-w-   c:\windows\system32\igfxrjpn.lrc
2012-10-10 10:22 . 2012-10-10 10:22   28672   ----a-w-   c:\windows\system32\igfxexps.dll
2012-10-10 10:22 . 2012-10-10 10:22   252448   ----a-w-   c:\windows\system32\igfxext.exe
2012-10-10 10:22 . 2012-10-10 10:22   11040256   ----a-w-   c:\windows\SysWow64\igdumd32.dll
2012-10-10 10:22 . 2012-10-10 10:22   9728   ----a-w-   c:\windows\system32\IGFXDEVLib.dll
2012-10-10 10:22 . 2012-10-10 10:22   439808   ----a-w-   c:\windows\system32\igfxrfra.lrc
2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrptb.lrc
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-25 39408]
"Akamai NetSession Interface"="c:\users\Norm 2\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 198144]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-08-10 35256]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-06-26 272688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-24 135952]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-09-04 82432]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-26 3325232]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-08-10 25528]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-14 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-14 212992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys [2012-08-10 48096]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys [2012-08-10 188384]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 15:40]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 14:52]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 14:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30861252-112E-48F6-8630-6E25E8AA6A2C}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{394E9F84-92E2-4F00-B847-65EB4B9B8137}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
Denied: (A 2) (Everyone)
="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
Denied: (A 2) (Everyone)
="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Denied: (Full) (Everyone)
.
Completion time: 2012-12-01  09:41:54
ComboFix-quarantined-files.txt  2012-12-01 17:41
ComboFix2.txt  2012-11-28 23:54
ComboFix3.txt  2012-11-28 00:31
ComboFix4.txt  2012-11-27 18:17
ComboFix5.txt  2012-12-01 17:34
.
Pre-Run: 595,053,076,480 bytes free
Post-Run: 594,967,019,520 bytes free
.
- - End Of File - - F6D68AD5A4BC977D1AB10D9C2FC5C7A5
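The thread reads the ComboFix log above by eye. As an added example (not from the thread and not ComboFix's own code), here is a small Python triage script that parses the "Reg Loading Points", "Supplementary Scan" and "ORPHANS REMOVED" blocks of a log in this format and flags the entries a responder would check first: autostarts whose image lives in a user-writable path, LoadAppInit_DLLs turned on, service entries with no [date size] stamp, per-interface DNS servers that differ from the DHCP-assigned one, and orphaned autostart entries. The finding categories and the rule that a service line without a stamp needs its file checked on disk are this script's own assumptions; the sample input is a constructed, trimmed copy of the log posted here.

```python
"""Triage helper for a ComboFix log excerpt (added example, not ComboFix code)."""
import re
from typing import Dict, List

# Constructed sample: a trimmed copy of the log posted in the thread.
SAMPLE_LOG = r"""
(((((((((((((   Reg Loading Points   )))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-25 39408]
"Akamai NetSession Interface"="c:\users\Norm 2\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-09-04 82432]
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30861252-112E-48F6-8630-6E25E8AA6A2C}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
"""

# Line shapes as they appear in the log: "name"="path" [date size], and
# <start> <name>;<description>;<path> [date size] for services/drivers.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
SERVICE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)'
                     r'(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')
APPINIT = re.compile(r'^"LoadAppInit_DLLs"\s*=\s*(?P<value>\d+)')
# Path fragments a responder treats as user-writable (assumption for this script).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return a list of {"kind", "detail"} findings for one ComboFix log."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    dhcp_dns = None
    static_dns: List[str] = []

    def add(kind: str, detail: str) -> None:
        findings.append({"kind": kind, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key for the values that follow
            continue
        m = APPINIT.match(line)
        if m:
            if m.group("value") != "0":       # AppInit DLL loading is switched on
                add("appinit-enabled", f"LoadAppInit_DLLs={m.group('value')} under {current_key}")
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.lower().endswith("\\run"):
            if any(tok in m.group("path").lower() for tok in USER_WRITABLE):
                add("user-profile-autostart", f'{m.group("name")} -> {m.group("path")}')
            continue
        m = SERVICE.match(line)
        if m:
            if m.group("date") is None:       # no [date size] stamp: verify the file on disk
                add("service-no-stamp", f'{m.group("name")} -> {m.group("path")}')
            continue
        if line.startswith("TCP: DhcpNameServer ="):
            dhcp_dns = line.split("=", 1)[1].strip()
            continue
        if line.startswith("TCP:") and "NameServer =" in line:
            static_dns.append(line.split("=", 1)[1].strip())
            continue
        if line.endswith("(no file)"):        # ComboFix lists these under ORPHANS REMOVED
            add("orphan-entry", line)

    for servers in static_dns:
        if servers != dhcp_dns:
            add("dns-override", f"interface DNS {servers} differs from DHCP-assigned {dhcp_dns}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24s} {f['detail']}")
```

Each flag is a prompt to look, not a verdict: an updater running from AppData is common for legitimate software, and LoadAppInit_DLLs=1 only matters together with the AppInit_DLLs value itself, which this excerpt does not show. The orphan entry is already gone by the time it appears in the log, since ComboFix removed it.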
Well, that sucks. The only thing I can think of doing is what Dave Lembke suggested; go back to Dell and tell them the computer is malfunctioning.

OK Dave. Well it's been fun. Thanks a lot for all your time and effort.

Quote from: Valorus on December 01, 2012, 05:36:57 PM
OK Dave. Well it's been fun. Thanks a lot for all your time and effort.

Please let me know how it turns out?

Hi Dave;

I got a new computer from Dell and a healthy dose of paranoia. I still have the old one that has malware imbedded in flash memory? I replaced the hard drive
with a new one, replaced the ram and still have the virus. If you or anyone else has any ideas on how to begin, I'd sure appreciate it. Replacing the motherboard
wouldn't really be cost effective and I hate to throw it away or strip it for parts. Any ideas, let me know. This is a Dell N7010, Win 7, i5 w/4GB ram.
Thanks for all your help,

Norm

Quote
I still have the old one that has malware imbedded in flash memory? I replaced the hard drive
with a new one, replaced the ram and still have the virus.

What makes you think you have malware? None of the scans indicate that possibility.

Hi Dave;

Well, to begin with, I'm unable to reinstall Win 7. It starts normally then slows gradually until it stops completely. Any USB or SD cards, no matter what's on
them read as though they're empty. The drivers associated with the wireless adapter are missing and any attempts to reinstall them fail. I'm not sure this
is in the bios, but it MUST be in flash memory somewhere. HDD reformatting, or even a new hard drive didn't get rid of whatever this is. I've tried Bitdefender,
Comodo and Avast (not at the same time), and they all fail during a scan. This isn't the three day old computer, Dell kindly took care of that, it's the one it replaced.
Disk wiping programs won't run on this machine, I have to use a clean one. I eventually used a new 200GB HDD with brand new memory and the virus was
still there, so I'm really at a loss. I don't WANT to take any more of your time and patience, from what we've done earlier I know enough to get myself
in serious trouble, Dell techs in India recommended I replace the motherboard but I don't know if it's worth it.

Thanks for listening;

Norm

If it is, indeed, a BIOS infection, it's the first time I've run up against it. Please try running this scanner and post the log. Also, you can read more about such a problem as this here. They recommend downloading and installing a new BIOS.

I only called it a BIOS infection because it locked the security settings. I can't find a scanner.

Sorry.

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the INSTRUCTIONS provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
I replaced the bios and everything is "NORMAL" now. Malwarebytes found nothing so I guess
this computer will be for the grandkids when they come, I won't be able to trust it for quite a while,
but at least it's running.
I can't thank you enough for all the time you put into this project, Dave. I can SEE how many
folks you're helping and don't know how you do it. I don't suppose you do plumbing?


Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.16.02

Windows 7 x64 FAT32
Internet Explorer 8.0.7600.16385
Norm orig :: NORMORIG-PC [administrator]

12/15/2012 6:22:10 PM
mbar-log-2012-12-15 (18-22-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 41332
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Quote
I replaced the bios and everything is "normal" now. Malwarebytes found nothing so I guess
this computer will be for the grandkids when they come, I won't be able to trust it for quite a while,
but at least it's running.
Good job. Congrats. You now have a new BIOS and new hard drive, so it should be just like a new computer. I will provide some information about keeping your computer safe while on-line below. As you may have read, there was a very good chance that your BIOS was infected in-house.

Quote
Dave. I can see how many
folks you're helping and don't know how you do it. I don't suppose you do plumbing?
Yup, plumbing, carpentry, electrical, new floors, ceramics and I'll provide some background music if you need it.

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.