
Google redirect in Firefox & IE proxy unfixable after removal of AntiMalware Doctor & others


  • This topic is locked
18 replies to this topic

#1 daemano

  • Members
  • 11 posts

Posted 30 August 2010 - 03:51 PM

Recently removed AntiMalware Doctor and several other trojans to get my WinXP SP3 PC (Tablet) running ok again. Used TDSSKiller, rkill, Antimalware Bytes, and AVG Free.

Noticed two issues remain (which means there are probably more):

1) Google redirect with Firefox 3.6.8 to "searchthis.net"
2) Unable to save proxy in LAN Settings for IE 8.0.6 (can change them, but they are reverted upon browser restart).

Ran Defogger, did a lil searching in the forum on this, now here come the logs (attached & copied). If I need to run these again, I'll totally understand.

gmer = ark.txt
dds = attach.txt, DDS
OTL with "Scan All Users" checked = OTL.txt, Extras.Txt
RKUnhooker with "Drivers" & "Stealth Code" checked in report tab, all others unchecked = Report.txt

Thanks in advance Bleepers!

[codebox]

DDS (Ver_10-03-17.01) - NTFSx86
Run by Manuel at 13:38:40.03 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1020 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Manuel\Desktop\Defogger.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Manuel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Evernote] "c:\program files\evernote\evernote3.5\evernote.exe" /minimized
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead movie wizard 3.2 se vcd\uvPL.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [RAMDef] c:\program files\ram def xt\ramdef.exe -tray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Jvipubemojokes] rundll32.exe "c:\windows\ukinucij.dll",Startup
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\manuel\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\manuel\startm~1\programs\startup\penonpc.lnk - c:\program files\penonpc\PENonPC.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediac~1.lnk - c:\program files\hotalbummybox\MediaChecker.exe
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://www.vistatestdrive.com/sp1/ActiveX/VMRCActiveXClient1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129958487939
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\manuel\applic~1\mozilla\firefox\profiles\jlssh8si.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\manuel\application data\mozilla\firefox\profiles\jlssh8si.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npietab.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {0FC7011A-22A9-46A1-91A0-D98ED23E7ACD} - c:\documents and settings\manuel\local settings\application data\{0FC7011A-22A9-46A1-91A0-D98ED23E7ACD}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2007-4-24 15172]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-19 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-19 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-19 308136]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2005-10-11 17280]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [2005-10-11 9600]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-27 20480]
S1 atitray;atitray;\??\c:\program files\radeon omega drivers\v3.8.205\ati tray tools\atitray.sys --> c:\program files\radeon omega drivers\v3.8.205\ati tray tools\atitray.sys [?]
S1 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\displaylinkmirrorport.sys --> c:\windows\system32\drivers\DisplayLinkmirrorport.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-15 136176]
S3 AR5513;DWL-G650M Super G MIMO Wireless Notebook Adapter;c:\windows\system32\drivers\ar5513.sys [2006-11-30 355488]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2007-9-30 20608]
S3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\displaylinkgaport.sys --> c:\windows\system32\drivers\DisplayLinkGAport.sys [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\displaylinkusbport.sys --> c:\windows\system32\drivers\DisplayLinkUsbPort.sys [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2005-6-21 69692]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2007-9-30 477696]
S3 ZD1211BU(WLAN);IEEE 802.11g USB Wireless LAN(WLAN);c:\windows\system32\drivers\ZD1211BU.sys [2007-9-30 477696]
UnknownUnknown klmd24;klmd24; [x]

=============== Created Last 30 ================

2010-08-30 16:21:18 0 ----a-w- c:\documents and settings\manuel\defogger_reenable
2010-08-28 12:11:15 2843 ----a-w- c:\windows\arofeworit.dll
2010-08-28 10:07:15 2843 ----a-w- c:\windows\ejawoniqivuxege.dll
2010-08-28 09:55:37 2843 ----a-w- c:\windows\urucejox.dll
2010-08-28 07:52:41 2843 ----a-w- c:\windows\ayawuhuq.dll
2010-08-28 06:06:59 2843 ----a-w- c:\windows\arigawopikebeg.dll
2010-08-28 05:42:38 0 d-----w- c:\docume~1\manuel\applic~1\Malwarebytes
2010-08-28 05:36:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 05:36:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-28 05:36:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 05:36:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 02:39:56 2843 ----a-w- c:\windows\osupemiyuvacas.dll
2010-08-28 01:46:36 2843 ----a-w- c:\windows\ekefevinuyozewah.dll
2010-08-28 01:27:31 2843 ----a-w- c:\windows\igasuket.dll
2010-08-27 21:07:21 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-08-27 20:21:37 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-08-27 20:20:02 1033728 ----a-w- c:\windows\explorer.exe
2010-08-27 15:51:53 2838 ----a-w- c:\windows\onevuniw.dll
2010-08-27 12:52:47 2838 ----a-w- c:\windows\akoqegay.dll
2010-08-27 12:17:50 2838 ----a-w- c:\windows\axonekulemuna.dll
2010-08-27 11:38:47 2838 ----a-w- c:\windows\ulizeqijiwaw.dll
2010-08-27 10:25:29 2704 ----a-w- c:\windows\lsrslt.ini
2010-08-27 07:52:27 2838 ----a-w- c:\windows\ehusuxid.dll
2010-08-27 06:21:47 120 ----a-w- c:\windows\Fdoquyeganowet.dat
2010-08-27 06:21:47 0 ----a-w- c:\windows\Lfifulexaheqim.bin
2010-08-27 06:19:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-08-26 16:04:17 30498 ----a-w- c:\documents and settings\manuel\Mail.Com Futura Sign Up - Confirmation.pdf
2010-08-25 08:04:41 0 d-----w- c:\program files\Emerald Editor Community
2010-08-20 01:13:05 0 d--h--w- C:\$AVG
2010-08-20 01:12:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-20 01:12:49 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-20 01:12:42 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-20 01:12:29 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-20 01:08:50 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-08-20 00:47:19 0 d-----w- C:\AVGTemp
2010-08-20 00:17:31 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-18 14:58:56 0 d-----w- c:\program files\RingCentral
2010-08-18 14:58:50 0 d-----w- c:\docume~1\alluse~1\applic~1\RingCentral
2010-08-01 20:06:09 853504 ----a-w- c:\windows\system32\rtl100.bpl
2010-08-01 20:06:09 738816 ----a-w- c:\windows\system32\cc3280mt.dll
2010-08-01 20:06:09 676352 ----a-w- c:\windows\system32\rtl60.bpl
2010-08-01 20:06:09 303104 ----a-w- c:\windows\system32\cw3230.dll
2010-08-01 20:06:09 22016 ----a-w- c:\windows\system32\borlndmm.dll
2010-08-01 20:06:09 1874944 ----a-w- c:\windows\system32\vcl100.bpl
2010-08-01 20:06:09 1497088 ----a-w- c:\windows\system32\cc3260mt.dll
2010-08-01 20:06:09 1326080 ----a-w- c:\windows\system32\vcl60.bpl
2010-08-01 20:06:08 0 d-----w- c:\program files\LS_Duhem
2010-08-01 18:07:45 86016 ----a-w- c:\windows\unvise32.exe
2010-08-01 18:06:33 52 ----a-w- c:\windows\WinInit.ini.backup
2010-08-01 18:06:29 0 d-----w- c:\program files\Iomega

==================== Find3M ====================

2010-08-27 22:53:05 19072 ----a-w- c:\windows\system32\drivers\sparrow.sys
2010-07-12 15:13:53 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2005-10-22 04:13:55 0 -csha-w- c:\windows\sminst\HPCD.sys
2005-10-31 00:45:58 104 -csh--r- c:\windows\system32\52A84AD1A0.sys
2008-05-23 05:48:43 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052220080523\index.dat

============= FINISH: 13:39:09.01 ===============

[/codebox]
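As an added triage example (not part of this post, and not DDS's own code), the script below scans a few lines constructed in the shape of the DDS log above for the three indicators a helper would check first: a Run key launching rundll32 with a DLL sitting directly in c:\windows, a burst of tiny same-sized DLLs dropped in c:\windows, and a Firefox keyword.URL that points at an unknown search host. It uses only the standard library; the KNOWN_SEARCH_HOSTS allowlist and the 4096-byte size threshold are assumptions chosen here.

```python
r"""Heuristic triage of DDS log lines (constructed sample; not DDS's own code)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: lines modelled on the DDS log posted above.
SAMPLE_DDS = r"""
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Jvipubemojokes] rundll32.exe "c:\windows\ukinucij.dll",Startup
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101055100&s=
2010-08-28 12:11:15 2843 ----a-w- c:\windows\arofeworit.dll
2010-08-28 10:07:15 2843 ----a-w- c:\windows\ejawoniqivuxege.dll
2010-08-28 05:36:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 15:51:53 2838 ----a-w- c:\windows\onevuniw.dll
2010-08-27 12:52:47 2838 ----a-w- c:\windows\akoqegay.dll
2010-08-27 20:21:37 507904 ----a-w- c:\windows\system32\winlogon.exe
"""

# Assumed allowlist: hosts that legitimately appear in keyword.URL.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
# Assumed threshold: a "real" DLL in the Windows root is rarely this small.
TINY_DLL_BYTES = 4096

# uRun/mRun/dRun(Once): [name] command
RUN_RE = re.compile(r'^[mud]Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$', re.I)
# "Created Last 30" / "Find3M" rows: date time size attributes path
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \S+ (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$')
# Firefox prefs.js / user.js rows: FF - prefs.js: pref - value
FF_PREF_RE = re.compile(r'^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<value>.*)$')


def refang(url):
    """DDS writes hxxp:// so links are not clickable; restore it for parsing."""
    return re.sub(r'^hxxp', 'http', url, flags=re.I)


def in_windows_root(path):
    """True for a file directly under c:\windows, not in any subdirectory."""
    return re.match(r'^c:\\windows\\[^\\]+$', path, re.I) is not None


def triage(log_text):
    """Return (indicator, key, detail) tuples for the suspicious lines found."""
    findings = []
    dll_by_size = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            # rundll32 loading a DLL from the Windows root is how the log's
            # "Jvipubemojokes" entry persists; normal software installs elsewhere.
            if 'rundll32' in m['cmd'].lower():
                dll = re.search(r'"?([a-z]:\\[^",]+\.dll)', m['cmd'], re.I)
                if dll and in_windows_root(dll.group(1)):
                    findings.append(('autorun_rundll32_windows_root', m['name'], dll.group(1)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            # keyword.URL decides where address-bar searches go: a hijack target.
            if m['pref'] == 'keyword.URL':
                host = urlparse(refang(m['value'])).hostname or ''
                if host not in KNOWN_SEARCH_HOSTS:
                    findings.append(('firefox_keyword_url_hijack', m['pref'], host))
            continue
        m = FILE_RE.match(line)
        if m and m['path'].lower().endswith('.dll') and in_windows_root(m['path']):
            size = int(m['size'])
            if size < TINY_DLL_BYTES:
                dll_by_size[size].append(m['path'])
    # Several DLLs of identical tiny size in c:\windows is a dropper signature.
    for size, paths in sorted(dll_by_size.items()):
        if len(paths) >= 2:
            findings.append(('tiny_dll_burst_windows_root', str(size), ';'.join(paths)))
    return findings


if __name__ == '__main__':
    for kind, key, detail in triage(SAMPLE_DDS):
        print(f'{kind}: {key} -> {detail}')
```

Feed it a whole DDS.txt instead of SAMPLE_DDS to get the same three indicator classes over a real log; entries outside those patterns are ignored rather than reported.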



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 September 2010 - 05:14 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 daemano
  • Topic Starter

  • Members
  • 11 posts

Posted 07 September 2010 - 04:47 PM

Hi Mole, I'm here, subscribed and tracking. Thanks in advance. -Dae

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 07 September 2010 - 06:36 PM

There must be a rootkit at the heart of this. Please run the following rootkit checkers.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


And then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#5 daemano
  • Topic Starter

  • Members
  • 11 posts

Posted 07 September 2010 - 07:35 PM

Ok, here it is.
MBRCheck says it found something.
TDSSKiller found nothing (but I had run it with the previous group of malware killers, and objects were found and healed).

MBRcheck log is attached
TDSSKiller log is pasted below
[codebox]
2010/09/07 17:30:49.0206 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/09/07 17:30:49.0206 ================================================================================
2010/09/07 17:30:49.0206 SystemInfo:
2010/09/07 17:30:49.0206
2010/09/07 17:30:49.0206 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/07 17:30:49.0206 Product type: Workstation
2010/09/07 17:30:49.0206 ComputerName: MLPC
2010/09/07 17:30:49.0206 UserName: Manuel
2010/09/07 17:30:49.0206 Windows directory: C:\WINDOWS
2010/09/07 17:30:49.0206 System windows directory: C:\WINDOWS
2010/09/07 17:30:49.0206 Processor architecture: Intel x86
2010/09/07 17:30:49.0206 Number of processors: 1
2010/09/07 17:30:49.0206 Page size: 0x1000
2010/09/07 17:30:49.0206 Boot type: Normal boot
2010/09/07 17:30:49.0206 ================================================================================
2010/09/07 17:30:49.0550 Initialize success
2010/09/07 17:30:52.0769 ================================================================================
2010/09/07 17:30:52.0769 Scan started
2010/09/07 17:30:52.0769 Mode: Manual;
2010/09/07 17:30:52.0769 ================================================================================
2010/09/07 17:30:53.0784 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/09/07 17:30:54.0097 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/07 17:30:54.0331 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/07 17:30:54.0644 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/09/07 17:30:55.0003 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/07 17:30:55.0128 AegisP (f498fd605c08404b20a48954c722ff74) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/09/07 17:30:55.0550 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/07 17:30:55.0644 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/09/07 17:30:55.0925 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/09/07 17:30:56.0378 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/09/07 17:30:56.0612 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/09/07 17:30:57.0066 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/09/07 17:30:57.0425 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/09/07 17:30:57.0706 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/09/07 17:30:58.0034 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/09/07 17:30:58.0269 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/09/07 17:30:58.0706 AR5513 (7fe7c1958b27dc9a92873df24485701b) C:\WINDOWS\system32\DRIVERS\ar5513.sys
2010/09/07 17:30:58.0972 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/07 17:30:59.0331 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/09/07 17:30:59.0534 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/09/07 17:30:59.0831 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/09/07 17:31:00.0206 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/07 17:31:00.0472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/07 17:31:00.0644 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/09/07 17:31:01.0159 ATITool (1294314049f7cc8bf8ffa11d51458d35) C:\WINDOWS\system32\DRIVERS\ATITool.sys
2010/09/07 17:31:01.0566 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/07 17:31:01.0909 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/07 17:31:02.0284 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/07 17:31:02.0487 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/07 17:31:02.0566 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/07 17:31:02.0659 AX88772 (26a378d112677fb8ae08e1dfcecda44d) C:\WINDOWS\system32\DRIVERS\ax88772.sys
2010/09/07 17:31:02.0925 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/07 17:31:03.0284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/07 17:31:03.0456 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
2010/09/07 17:31:03.0737 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/09/07 17:31:04.0003 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2010/09/07 17:31:04.0191 CAMCAUD (cce1f3c7c8e7383b90372229454999cf) C:\WINDOWS\system32\drivers\camc6aud.sys
2010/09/07 17:31:04.0253 CAMCHALA (9a3bbde74dab737efa82de7ef4b40bea) C:\WINDOWS\system32\drivers\camc6hal.sys
2010/09/07 17:31:04.0487 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/09/07 17:31:05.0191 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/07 17:31:05.0253 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/07 17:31:05.0581 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/09/07 17:31:05.0941 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/07 17:31:06.0144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/07 17:31:06.0487 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/07 17:31:06.0909 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/07 17:31:07.0191 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/09/07 17:31:07.0550 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/07 17:31:07.0894 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/09/07 17:31:08.0269 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/09/07 17:31:08.0566 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/09/07 17:31:08.0941 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/07 17:31:09.0534 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/07 17:31:09.0909 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/07 17:31:10.0175 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/07 17:31:10.0566 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/07 17:31:10.0706 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/09/07 17:31:10.0956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/07 17:31:11.0081 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys
2010/09/07 17:31:11.0487 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
2010/09/07 17:31:11.0800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/07 17:31:12.0050 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/07 17:31:12.0378 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/09/07 17:31:12.0472 FinePnt (93beba27f93c5190bd318fae465c27ef) C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys
2010/09/07 17:31:12.0894 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/07 17:31:13.0175 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/07 17:31:13.0581 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/07 17:31:13.0956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/07 17:31:14.0222 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/07 17:31:14.0503 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/07 17:31:14.0862 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/07 17:31:15.0128 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/09/07 17:31:15.0612 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/09/07 17:31:15.0847 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/09/07 17:31:16.0378 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/07 17:31:16.0441 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/09/07 17:31:16.0691 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/09/07 17:31:17.0019 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/07 17:31:17.0378 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\drivers\iaStor.sys
2010/09/07 17:31:17.0472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/07 17:31:17.0894 incdrm (195a22bc8674090ccce5c3e2b7d96aca) C:\WINDOWS\system32\drivers\incdrm.sys
2010/09/07 17:31:18.0128 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/09/07 17:31:18.0503 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/09/07 17:31:18.0753 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/07 17:31:19.0159 iomdisk (9d7069d72c0c72952f05e1688a5ae89d) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
2010/09/07 17:31:19.0722 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/07 17:31:19.0972 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/07 17:31:20.0456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/07 17:31:20.0644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/07 17:31:21.0050 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/07 17:31:21.0237 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/07 17:31:21.0425 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/07 17:31:21.0784 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2010/09/07 17:31:22.0034 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/07 17:31:22.0331 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/07 17:31:22.0519 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/07 17:31:22.0597 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/07 17:31:22.0706 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/09/07 17:31:22.0816 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/09/07 17:31:23.0034 LUsbFilt (d42aa9f3baf17b2e7b0135c741f0be36) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2010/09/07 17:31:23.0456 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/09/07 17:31:23.0534 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/09/07 17:31:24.0003 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/09/07 17:31:24.0456 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2010/09/07 17:31:24.0862 MDC8021X (8fee53c104223973ed9919936d9cd156) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2010/09/07 17:31:25.0175 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/07 17:31:25.0566 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/07 17:31:25.0862 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/07 17:31:26.0128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/07 17:31:26.0378 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/07 17:31:26.0753 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/07 17:31:27.0019 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/09/07 17:31:27.0347 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/09/07 17:31:27.0597 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/07 17:31:27.0706 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/07 17:31:27.0847 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/07 17:31:28.0112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/07 17:31:28.0425 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/07 17:31:28.0706 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/07 17:31:29.0050 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/07 17:31:29.0331 MSTabBtn (8c15f3eefbfa8cf345f5e420558dd24c) C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys
2010/09/07 17:31:29.0753 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/07 17:31:30.0003 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/07 17:31:30.0394 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/07 17:31:30.0659 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/07 17:31:31.0066 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/07 17:31:31.0425 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
2010/09/07 17:31:31.0831 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/07 17:31:32.0097 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/07 17:31:32.0159 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/07 17:31:32.0534 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/07 17:31:32.0800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/07 17:31:33.0269 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/07 17:31:33.0597 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/07 17:31:33.0956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/07 17:31:34.0284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/07 17:31:34.0659 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/07 17:31:34.0925 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/07 17:31:35.0128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/07 17:31:35.0534 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/07 17:31:35.0941 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/07 17:31:36.0128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/07 17:31:36.0441 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/07 17:31:36.0534 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/07 17:31:36.0816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/07 17:31:37.0237 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/07 17:31:37.0628 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/09/07 17:31:38.0128 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/09/07 17:31:38.0378 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/07 17:31:38.0472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/07 17:31:38.0847 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/07 17:31:39.0081 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/07 17:31:39.0128 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\WINDOWS\system32\Drivers\PzWDM.sys
2010/09/07 17:31:39.0472 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/09/07 17:31:39.0628 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/09/07 17:31:39.0784 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/09/07 17:31:40.0019 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/09/07 17:31:40.0394 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/09/07 17:31:40.0597 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/07 17:31:40.0987 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/07 17:31:41.0237 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/07 17:31:41.0409 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/07 17:31:41.0784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/07 17:31:42.0034 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/07 17:31:42.0269 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/07 17:31:42.0753 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/07 17:31:42.0972 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/07 17:31:43.0253 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/07 17:31:43.0566 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/07 17:31:43.0769 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/07 17:31:44.0034 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/09/07 17:31:44.0456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/07 17:31:44.0550 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2010/09/07 17:31:44.0847 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/07 17:31:45.0128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/07 17:31:45.0347 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/09/07 17:31:45.0675 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/09/07 17:31:46.0003 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/07 17:31:46.0222 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/09/07 17:31:46.0409 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/07 17:31:46.0487 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/07 17:31:46.0769 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/07 17:31:46.0847 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/07 17:31:47.0081 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/07 17:31:47.0487 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/07 17:31:47.0566 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/09/07 17:31:47.0909 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/09/07 17:31:48.0253 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/09/07 17:31:48.0487 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/09/07 17:31:48.0706 SynTP (f02ac372911f034b56182dc4bd6cb3af) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/07 17:31:49.0050 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/07 17:31:49.0144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/07 17:31:49.0206 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/07 17:31:49.0425 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/07 17:31:49.0753 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/07 17:31:50.0003 tifm21 (a900f20ac0ed38223fbb87d2884cafb9) C:\WINDOWS\system32\drivers\tifm21.sys
2010/09/07 17:31:50.0253 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/09/07 17:31:50.0847 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/07 17:31:51.0097 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/09/07 17:31:51.0409 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/07 17:31:51.0691 USB28xxBGA (56b0b784e0ed3b6a9beb67f63cd6d4a2) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2010/09/07 17:31:52.0081 USB28xxOEM (d74634509e22ea69692ea173586db8e6) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2010/09/07 17:31:52.0378 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/07 17:31:52.0659 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/07 17:31:53.0034 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/07 17:31:53.0300 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/07 17:31:53.0550 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/07 17:31:53.0909 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/07 17:31:54.0159 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/07 17:31:54.0331 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/07 17:31:54.0534 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/07 17:31:54.0769 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/07 17:31:55.0003 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/09/07 17:31:55.0409 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/09/07 17:31:55.0691 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/07 17:31:56.0175 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/09/07 17:31:56.0909 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/07 17:31:57.0191 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/07 17:31:57.0284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/07 17:31:57.0503 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/09/07 17:31:57.0784 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/07 17:31:58.0128 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/07 17:31:58.0347 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/07 17:31:58.0675 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/07 17:31:59.0081 ZD1211BU(SMC) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
2010/09/07 17:31:59.0222 ZD1211BU(WLAN) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
2010/09/07 17:31:59.0300 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2010/09/07 17:31:59.0566 ================================================================================
2010/09/07 17:31:59.0566 Scan finished
2010/09/07 17:31:59.0566 ================================================================================[/codebox]

Attached Files


Edited by daemano, 07 September 2010 - 07:38 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 AM

Posted 07 September 2010 - 07:46 PM

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
If you do not have a recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run it (on Vista and Win 7, right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRcheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#7 daemano

daemano
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 07 September 2010 - 08:21 PM

Thanks Mole,

Did the above and this is the new MBRCheck output file. By the way, the redirect appears to be gone now.

[codebox]MBRCheck, version 1.2.3
2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 192):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xB9F4A000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0E8000 VolSnap.sys
0xBA4C8000 cpqarray.sys
0xB9F13000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9E3E000 iaStor.sys
0xB9E26000 atapi.sys
0xBA4CC000 aha154x.sys
0xBA338000 sparrow.sys
0xBA4D0000 symc810.sys
0xBA0F8000 aic78xx.sys
0xBA4D4000 dac960nt.sys
0xBA108000 ql10wnt.sys
0xBA4D8000 amsint.sys
0xBA340000 asc.sys
0xBA4DC000 asc3550.sys
0xBA348000 mraid35x.sys
0xBA350000 i2omp.sys
0xBA4E0000 ini910u.sys
0xBA118000 ql1240.sys
0xBA128000 aic78u2.sys
0xBA358000 symc8xx.sys
0xBA360000 sym_hi.sys
0xBA368000 sym_u3.sys
0xBA370000 ABP480N5.SYS
0xBA378000 asc3350p.sys
0xBA5B6000 cd20xrnt.sys
0xBA138000 ultra.sys
0xB9E0D000 adpu160m.sys
0xBA380000 dpti2o.sys
0xBA148000 ql1080.sys
0xBA158000 ql1280.sys
0xBA168000 ql12160.sys
0xBA388000 perc2.sys
0xBA5B8000 perc2hib.sys
0xBA390000 hpn.sys
0xBA4E4000 cbidf2k.sys
0xB9DE1000 dac2w2k.sys
0xBA178000 disk.sys
0xBA188000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DC1000 fltmgr.sys
0xB9DAF000 sr.sys
0xBA198000 PxHelp20.sys
0xBA4E8000 PzWDM.sys
0xB9D98000 KSecDD.sys
0xB9D85000 WudfPf.sys
0xB9CF8000 Ntfs.sys
0xB9CCB000 NDIS.sys
0xBA1A8000 sisagp.sys
0xBA1B8000 viaagp.sys
0xB9CB1000 Mup.sys
0xBA1C8000 alim1541.sys
0xBA1D8000 amdagp.sys
0xBA1E8000 agp440.sys
0xBA1F8000 agpCPQ.sys
0xBA398000 iomdisk.sys
0xBA594000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA228000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9052000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8F86000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8F39000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8DC9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA408000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB87E4000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB87BD000 \SystemRoot\system32\drivers\tifm21.sys
0xB87A9000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB86DA000 \SystemRoot\system32\drivers\camc6hal.sys
0xB9680000 \SystemRoot\system32\drivers\camc6aud.sys
0xB8681000 \SystemRoot\system32\drivers\portcls.sys
0xB9660000 \SystemRoot\system32\drivers\drmk.sys
0xB859A000 \SystemRoot\system32\drivers\ks.sys
0xB852C000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB81DF000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB7F32000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA4A8000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9C61000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA470000 \SystemRoot\system32\DRIVERS\FpHidDrv.sys
0xB9C41000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9C31000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB7EC4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA60C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9C21000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9C11000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA218000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA4B0000 \SystemRoot\System32\Drivers\incdrm.SYS
0xBA5A0000 \SystemRoot\system32\DRIVERS\MSTabBtn.sys
0xB7E87000 \SystemRoot\system32\DRIVERS\iwca.sys
0xBA7E0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA238000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9B87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7E70000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA248000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA430000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7E5F000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA268000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA278000 \SystemRoot\system32\DRIVERS\ndisrd.sys
0xB7E2F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA614000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7DD1000 \SystemRoot\system32\DRIVERS\update.sys
0xB9704000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB7D7B000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xB96F8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2D8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB7D53000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB3586000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA460000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA318000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xAFE56000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB3582000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5C6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA753000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3C0000 \SystemRoot\System32\drivers\vga.sys
0xBA5E4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3F0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB357E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAFDD3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAFD7A000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAFD40000 \SystemRoot\System32\Drivers\avgtdix.sys
0xAFCF2000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9CA1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAF6A2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAF680000 \SystemRoot\System32\drivers\afd.sys
0xAF861000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAF655000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAF5E5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF851000 \SystemRoot\System32\Drivers\Fips.SYS
0xAFDFE000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAF14C000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA6E93000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA6DBE000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB358E000 \SystemRoot\System32\drivers\Dxapi.sys
0xAD246000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7E8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09A000 \SystemRoot\System32\atikvmag.dll
0xBF0DC000 \SystemRoot\System32\ati3duag.dll
0xBF37D000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAB941000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAB172000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xAB166000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAEC77000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA41D4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA4143000 \SystemRoot\System32\Drivers\HTTP.sys
0xA4074000 \SystemRoot\system32\DRIVERS\srv.sys
0xA4004000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA3E2F000 \SystemRoot\system32\drivers\wdmaud.sys
0xB96E0000 \SystemRoot\system32\drivers\sysaudio.sys
0xA3F64000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA3B8F000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xB31CD000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
1280 C:\WINDOWS\system32\smss.exe
1424 csrss.exe
1452 C:\WINDOWS\system32\winlogon.exe
1496 C:\WINDOWS\system32\services.exe
1508 C:\WINDOWS\system32\lsass.exe
1656 C:\WINDOWS\system32\ati2evxx.exe
1672 C:\WINDOWS\system32\svchost.exe
1792 svchost.exe
1832 C:\WINDOWS\system32\svchost.exe
1864 C:\WINDOWS\system32\svchost.exe
1928 C:\Program Files\AVG\AVG9\avgchsvx.exe
1936 C:\Program Files\AVG\AVG9\avgrsx.exe
1992 C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
284 C:\Program Files\AVG\AVG9\avgcsrvx.exe
324 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
380 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
416 C:\WINDOWS\system32\acs.exe
560 svchost.exe
788 svchost.exe
1084 C:\WINDOWS\system32\spoolsv.exe
1160 svchost.exe
1200 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1948 C:\WINDOWS\system32\svchost.exe
444 C:\PROGRA~1\Iomega\System32\AppServices.exe
464 C:\Program Files\Java\jre6\bin\jqs.exe
604 C:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe
1372 C:\Program Files\AVG\AVG9\avgnsx.exe
2092 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
2112 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2152 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2172 C:\WINDOWS\system32\wisptis.exe
2280 sqlservr.exe
2288 C:\WINDOWS\system32\ati2evxx.exe
2328 C:\WINDOWS\system32\tabbtnu.exe
2400 C:\WINDOWS\system32\ctfmon.exe
2584 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
2596 C:\WINDOWS\explorer.exe
2732 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2792 C:\Program Files\Seagate\Sync\SeaSyncServices.exe
2812 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
2968 sqlbrowser.exe
3100 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3148 C:\WINDOWS\system32\svchost.exe
3200 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3276 C:\Program Files\Iomega\AutoDisk\ADService.exe
3424 C:\Program Files\AVG\AVG9\avgemc.exe
3460 C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
3472 wmpnetwk.exe
3488 C:\WINDOWS\system32\wuauclt.exe
3580 C:\Program Files\AVG\AVG9\avgcsrvx.exe
216 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2192 alg.exe
2208 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2808 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
1356 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2552 C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
4300 C:\Program Files\RAM Def XT\RAMDef.exe
4512 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
4588 C:\Program Files\Iomega\DriveIcons\Imgicon.exe
4636 C:\PROGRA~1\AVG\AVG9\avgtray.exe
5100 C:\Program Files\Windows Media Player\wmpnscfg.exe
5508 C:\Program Files\Evernote\Evernote3.5\Evernote.exe
1352 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
4840 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
4868 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4448 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
5848 PresentationFontCache.exe
5444 C:\Program Files\Mozilla Firefox\firefox.exe
4428 C:\Documents and Settings\Manuel\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHT2060BH, Rev: 0000104A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 404EE7AF26413A95EC66E48CEA12BE1B17A7171E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done![/codebox]

Edited by daemano, 07 September 2010 - 08:23 PM.


#8 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 AM

Posted 07 September 2010 - 08:24 PM

We're not there yet though, daemano.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 daemano
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 07 September 2010 - 08:46 PM

QUOTE(m0le @ Sep 7 2010, 06:24 PM)
We're not there yet though, daemano.

Merely reporting the changes in system behavior. Running comfix now. Thanks again for your assistance, it's been lightning fast.


#10 daemano
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 07 September 2010 - 10:20 PM

ComboFix has been running for about 1 hr and 30 mins now (started at about 6:45 PST). Is this normal?

Edited by daemano, 07 September 2010 - 10:21 PM.


#11 daemano
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 07 September 2010 - 11:18 PM

2 hours in, system unresponsive. Shut down, restarted, made sure all antivirus/antimalware and the firewall were off, and restarted ComboFix. Running now.



#12 daemano
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 07 September 2010 - 11:38 PM

Computer rebooted itself about 5 minutes into the ComboFix scan. Upon restart there was a Windows dialogue box that said the computer had recovered from a serious error. No ComboFix.txt log file was created.

Ran ComboFix again, same result: about 5 minutes in, the computer reboots. When Windows loads I get the "Windows has recovered from a serious error" dialogue box, which gives the following error code info:

[codebox]
Error Signature
BCCode : 100000d1 BCP1 : 00000018 BCP2 : 00000002 BCP3 : 00000000
BCP4 : B9E4D25D OSVer : 5_1_2600 SP : 3_0 Product : 256_1

Technical Information about error report
The following files will be included in this error report:
C:\DOCUME~1\Manuel\LOCALS~1\Temp\WER25b0.dir00\Mini090710-02.dmp
C:\DOCUME~1\Manuel\LOCALS~1\Temp\WER25b0.dir00\sysdata.xml
[/codebox]

Re-enabling Antivirus and Firewall. Will wait for advisement before running again.

Thanks much still and look forward to hearing from you again

Dae



Edited by daemano, 07 September 2010 - 11:42 PM.


#13 daemano
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 08 September 2010 - 09:35 AM

Good Morning.

Another status update. I noticed that the Google redirect is back. This is one stubborn kit.


#14 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:20 AM

Posted 08 September 2010 - 04:38 PM

QUOTE
I noticed that the google redirect is back


I was expecting this. This was what I meant by "we're not there yet..."

Please run MBRCheck again and post the log.


#15 daemano
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:20 AM

Posted 09 September 2010 - 05:04 PM

Good afternoon!

Ran MBRCheck just now, here's the output.

[codebox]MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 193):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xB9F4A000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0E8000 VolSnap.sys
0xBA4C8000 cpqarray.sys
0xB9F13000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9E3E000 iaStor.sys
0xB9E26000 atapi.sys
0xBA4CC000 aha154x.sys
0xBA338000 sparrow.sys
0xBA4D0000 symc810.sys
0xBA0F8000 aic78xx.sys
0xBA4D4000 dac960nt.sys
0xBA108000 ql10wnt.sys
0xBA4D8000 amsint.sys
0xBA340000 asc.sys
0xBA4DC000 asc3550.sys
0xBA348000 mraid35x.sys
0xBA350000 i2omp.sys
0xBA4E0000 ini910u.sys
0xBA118000 ql1240.sys
0xBA128000 aic78u2.sys
0xBA358000 symc8xx.sys
0xBA360000 sym_hi.sys
0xBA368000 sym_u3.sys
0xBA370000 ABP480N5.SYS
0xBA378000 asc3350p.sys
0xBA5B6000 cd20xrnt.sys
0xBA138000 ultra.sys
0xB9E0D000 adpu160m.sys
0xBA380000 dpti2o.sys
0xBA148000 ql1080.sys
0xBA158000 ql1280.sys
0xBA168000 ql12160.sys
0xBA388000 perc2.sys
0xBA5B8000 perc2hib.sys
0xBA390000 hpn.sys
0xBA4E4000 cbidf2k.sys
0xB9DE1000 dac2w2k.sys
0xBA178000 disk.sys
0xBA188000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DC1000 fltmgr.sys
0xB9DAF000 sr.sys
0xBA198000 PxHelp20.sys
0xBA4E8000 PzWDM.sys
0xB9D98000 KSecDD.sys
0xB9D85000 WudfPf.sys
0xB9CF8000 Ntfs.sys
0xB9CCB000 NDIS.sys
0xBA1A8000 sisagp.sys
0xBA1B8000 viaagp.sys
0xB9CB1000 Mup.sys
0xBA1C8000 alim1541.sys
0xBA1D8000 amdagp.sys
0xBA1E8000 agp440.sys
0xBA1F8000 agpCPQ.sys
0xBA398000 iomdisk.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA258000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8FF7000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8DDB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8DBA000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8D56000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8AF2000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB8A52000 \SystemRoot\system32\drivers\tifm21.sys
0xB8A1A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB899F000 \SystemRoot\system32\drivers\camc6hal.sys
0xB9870000 \SystemRoot\system32\drivers\camc6aud.sys
0xB897B000 \SystemRoot\system32\drivers\portcls.sys
0xB9860000 \SystemRoot\system32\drivers\drmk.sys
0xB8958000 \SystemRoot\system32\drivers\ks.sys
0xB8925000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB8827000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB877B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3D8000 \SystemRoot\System32\Drivers\Modem.SYS
0xB9850000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA400000 \SystemRoot\system32\DRIVERS\FpHidDrv.sys
0xB9840000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9830000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA408000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB874C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA604000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9820000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9810000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9800000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA490000 \SystemRoot\System32\Drivers\incdrm.SYS
0xBA598000 \SystemRoot\system32\DRIVERS\MSTabBtn.sys
0xB870F000 \SystemRoot\system32\DRIVERS\iwca.sys
0xBA71F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9B93000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB86F8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA318000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA430000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB86E7000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9CA1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA470000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9C91000 \SystemRoot\system32\DRIVERS\ndisrd.sys
0xB86B7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9C81000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA60C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8631000 \SystemRoot\system32\DRIVERS\update.sys
0xB98AC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8603000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB9C71000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA238000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB3E12000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB3E0E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA438000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA278000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB0FF8000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB3E0A000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5BE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA70A000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C0000 \SystemRoot\System32\Drivers\Beep.SYS
0xB3FE7000 \SystemRoot\System32\drivers\vga.sys
0xBA5C2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB3FDF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB3FD7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB3E06000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB0FC5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB0F6C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB0F32000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB0F0C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAFA4A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAFA28000 \SystemRoot\System32\drivers\afd.sys
0xB0849000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAF9FD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAF98D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB0839000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1D35000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xAF959000 \SystemRoot\System32\Drivers\avgldx86.sys
0xA8D7C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8CA7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE78E000 \SystemRoot\System32\drivers\Dxapi.sys
0xB0C47000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6DE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09A000 \SystemRoot\System32\atikvmag.dll
0xBF0DC000 \SystemRoot\System32\ati3duag.dll
0xBF37D000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB1EFF000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xB1EF7000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xACA4D000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB0677000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6B12000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6A5D000 \SystemRoot\system32\drivers\wdmaud.sys
0xB9C31000 \SystemRoot\system32\drivers\sysaudio.sys
0xA67E4000 \SystemRoot\System32\Drivers\HTTP.sys
0xA655D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA65DC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA642D000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA63CD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA91FD000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9D80E000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
1280 C:\WINDOWS\system32\smss.exe
1424 csrss.exe
1452 C:\WINDOWS\system32\winlogon.exe
1496 C:\WINDOWS\system32\services.exe
1508 C:\WINDOWS\system32\lsass.exe
1656 C:\WINDOWS\system32\ati2evxx.exe
1672 C:\WINDOWS\system32\svchost.exe
1792 svchost.exe
1836 C:\WINDOWS\system32\svchost.exe
1868 C:\WINDOWS\system32\svchost.exe
1932 C:\Program Files\AVG\AVG9\avgchsvx.exe
1940 C:\Program Files\AVG\AVG9\avgrsx.exe
1996 C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
276 C:\Program Files\AVG\AVG9\avgcsrvx.exe
340 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
380 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
416 C:\WINDOWS\system32\acs.exe
692 svchost.exe
816 svchost.exe
1080 C:\WINDOWS\system32\spoolsv.exe
1164 svchost.exe
1196 C:\Program Files\AVG\AVG9\avgwdsvc.exe
2016 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
336 C:\WINDOWS\system32\wisptis.exe
936 C:\WINDOWS\system32\ati2evxx.exe
972 C:\WINDOWS\system32\tabbtnu.exe
1472 C:\WINDOWS\system32\ctfmon.exe
1736 C:\Program Files\AVG\AVG9\avgnsx.exe
2216 C:\WINDOWS\system32\svchost.exe
2300 C:\WINDOWS\explorer.exe
2316 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
2344 C:\PROGRA~1\Iomega\System32\AppServices.exe
2396 C:\Program Files\Java\jre6\bin\jqs.exe
2532 C:\Program Files\LS_Duhem\lsdiorw\lsdiorw.exe
2964 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
2976 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
2992 sqlservr.exe
3020 C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
3100 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
3128 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3156 C:\Program Files\Seagate\Sync\SeaSyncServices.exe
3220 sqlbrowser.exe
3248 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3292 C:\WINDOWS\system32\svchost.exe
3388 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3444 C:\Program Files\Iomega\AutoDisk\ADService.exe
3460 C:\Program Files\AVG\AVG9\avgemc.exe
3528 wmpnetwk.exe
3624 C:\Program Files\AVG\AVG9\avgcsrvx.exe
492 alg.exe
1992 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
2228 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3972 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
572 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
4216 C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
4480 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
4492 C:\Program Files\Iomega\DriveIcons\Imgicon.exe
4584 C:\PROGRA~1\AVG\AVG9\avgtray.exe
5440 C:\Program Files\Windows Media Player\wmpnscfg.exe
5660 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
5900 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
5920 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4564 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
5316 PresentationFontCache.exe
5696 C:\Documents and Settings\Manuel\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`770d7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: FUJITSUMHT2060BH, Rev: 0000104A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 404EE7AF26413A95EC66E48CEA12BE1B17A7171E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done![/codebox]
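The MBRCheck output quoted in post #7 and again just above comes down to three things: the partition table (each drive letter mapped to a byte offset on PhysicalDrive0), a SHA1 of the boot-sector code, and a verdict that is "Unknown MBR code" whenever that hash is not in the tool's list of known Windows/OEM boot code. An unknown hash only says the code is not on the list; what a helper actually compares is whether the hash moves between runs, and here it does not (404EE7AF... in both logs), so whatever is in the MBR survived the ComboFix attempts. The script below is an added example, not MBRCheck's code and not from any post in this thread: it parses a 512-byte MBR, prints the partitions with MBRCheck-style offsets, and hashes the boot code against an allowlist. The allowlist is hypothetical and left empty, the sample MBR is constructed here (its partition table mirrors the offsets in the log, its boot code is filler), and the choice to hash the first 440 bytes is an assumption, since the thread does not say which bytes MBRCheck hashes.

```python
"""Added example: parse an MBR, list partitions with MBRCheck-style byte offsets,
and hash the boot code against an allowlist. Not MBRCheck's code; the sample MBR
is constructed, not read from the poster's disk."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # assumption: code area before the 4-byte NT disk signature
PT_OFFSET = 446              # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511

# Hypothetical allowlist: SHA1 of boot code -> description. Intentionally empty, so
# every MBR is reported "Unknown MBR code" just as in the thread; a real deployment
# fills it with hashes taken off known-clean installs.
KNOWN_GOOD = {}
TYPE_NAMES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def parse_partitions(mbr):
    """Return the non-empty primary partition entries as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and sectors == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "type 0x%02X" % ptype),
                      "lba_start": lba_start, "byte_offset": lba_start * SECTOR,
                      "sectors": sectors})
    return parts


def boot_code_sha1(mbr):
    """Upper-case hex SHA1 of the boot code area, as the log prints it."""
    return hashlib.sha1(bytes(mbr[:BOOT_CODE_LEN])).hexdigest().upper()


def classify_mbr(mbr, known_good=KNOWN_GOOD):
    """Verdict for the MBR Status column."""
    return known_good.get(boot_code_sha1(mbr), "Unknown MBR code")


def format_offset(n):
    """Render a byte offset the way MBRCheck does, e.g. 0x00000001`770d7a00."""
    return "0x%08x`%08x" % (n >> 32, n & 0xFFFFFFFF)


def report(mbr, drive="\\\\.\\PhysicalDrive0"):
    """Lines shaped like the MBRCheck output quoted in the thread."""
    lines = []
    for p in parse_partitions(mbr):
        lines.append("partition %d --> %s at offset %s (%s)%s" % (
            p["index"], drive, format_offset(p["byte_offset"]), p["type_name"],
            " [boot]" if p["bootable"] else ""))
    lines.append("MBR Status: %s" % classify_mbr(mbr))
    lines.append("SHA1: %s" % boot_code_sha1(mbr))
    return lines


def build_sample_mbr():
    """Constructed MBR: FAT32 at 0x7e00 (sector 63) and NTFS at 0x1770d7a00, matching
    the log's layout. Boot code is filler (xor ax,ax / mov ss,ax / mov sp,7C00h + NOPs)."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    fat_start = 0x7E00 // SECTOR            # 63
    ntfs_start = 0x1770D7A00 // SECTOR      # 12289725
    disk_sectors = 117210240                # assumption: 60 GB drive, ~55 GB as MBRCheck rounds it
    table = (struct.pack("<B3xB3xII", 0x00, 0x0C, fat_start, ntfs_start - fat_start)
             + struct.pack("<B3xB3xII", 0x80, 0x07, ntfs_start, disk_sectors - ntfs_start)
             + b"\x00" * 32)                # two unused entries
    return code + b"\x00" * 4 + b"\x00\x00" + table + MBR_SIGNATURE


def tamper_boot_code(mbr):
    """Flip one byte of the boot code and leave the partition table intact, the
    shape of what an MBR-rewriting rootkit does at larger scale."""
    t = bytearray(mbr)
    t[0] ^= 0xFF
    return bytes(t)


if __name__ == "__main__":
    sample = build_sample_mbr()
    print("\n".join(report(sample)))
    print("tampered SHA1:", boot_code_sha1(tamper_boot_code(sample)))
```

Run against a real disk the 512 bytes would come from opening `\\.\PhysicalDrive0` as Administrator and reading the first sector; the point the tampering case makes is that a rewritten boot sector keeps its partition table and drive letters intact, so only the code hash, not the offsets, tells you anything changed.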