

infected with redirect virus



#1 roblee12

Posted 01 October 2010 - 02:18 PM

Hello, and thank you in advance for your assistance. I have the "google redirect virus" and have not been successful in removing it. I have tried numerous programs such as Hitman Pro, Malwarebytes, SUPERAntiSpyware, etc. None have helped. My laptop tends to work smoothly part of the day, and other times it is so slow I cannot use anything. I do not know if this is the direct cause of the problem, or if there is another underlying virus that I have as well.

I was not able to generate the GMER log. I ran it twice, and both times after about an hour my laptop would restart. It would bring me to the "safe mode" screen to select how I wanted Windows to start, and showed "windows error" at the top of the screen. I have already followed all other instructions in the preparation guide. Thank you!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Marty at 12:04:45.85 on Fri 10/01/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.257 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\AGRSMMSG.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Users\Marty\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Oxbtmdskd] rundll32 "c:\users\marty\appdata\roaming\mouse7.dll",FLRHXEK
uRun: [Sekd] rundll32 "c:\users\marty\appdata\roaming\msctfp0.dll",FXDPUHRRF
uRun: [Google Update] "c:\users\marty\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\users\marty\appdata\local\windows\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: rapmls.com
DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file:///C:/Users/Marty/AppData/Local/Temp/IXP000.TMP/setup.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-4 64160]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-9-13 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-9-13 173104]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-9-15 41816]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-9-15 11776]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-8-31 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-9-13 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100930.005\IDSvix86.sys [2010-10-1 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-9-13 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-9-13 339504]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-9-15 1935656]
R2 AAMWService;Ashampoo Anti-Malware Service;c:\program files\ashampoo\ashampoo anti-malware\AAMW_Service.exe [2010-10-1 1309528]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-20 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-20 60936]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2010-8-9 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2010-8-9 49152]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-8-18 312152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-9-13 126392]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2010-3-10 247320]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-9-15 71008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-15 102448]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-26 21504]

=============== Created Last 30 ================

2010-10-01 15:47:40 0 d-----w- c:\program files\CCleaner
2010-10-01 15:19:40 0 ----a-w- c:\users\marty\defogger_reenable
2010-10-01 15:05:52 0 d-----w- c:\program files\Ashampoo
2010-10-01 14:56:02 0 d-----w- c:\program files\Trend Micro
2010-09-30 21:18:03 0 d-----w- c:\users\marty\appdata\roaming\SUPERAntiSpyware.com
2010-09-30 21:17:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-30 15:26:45 0 d-----w- c:\programdata\Brother
2010-09-28 21:28:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-23 17:25:18 306688 ----a-w- c:\windows\IsUninst.exe
2010-09-16 18:14:18 0 d-----w- c:\program files\BitTorrent
2010-09-16 18:13:07 0 d-----w- c:\users\marty\appdata\roaming\BitTorrent
2010-09-15 17:39:30 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:39:28 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:39:27 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:39:22 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 14:37:24 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-09-15 14:31:04 0 d-----w- c:\users\marty\appdata\roaming\Tific
2010-09-15 13:28:36 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-15 13:28:11 0 d-----w- c:\programdata\Hitman Pro
2010-09-15 13:27:50 0 d-----w- c:\program files\Hitman Pro 3.5
2010-09-13 18:11:20 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-13 18:09:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-13 18:09:22 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-09-13 18:08:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-13 18:08:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-13 18:08:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-13 18:07:29 0 d-----w- c:\program files\Symantec
2010-09-13 18:05:10 0 d-----w- c:\windows\system32\drivers\N360
2010-09-13 18:04:40 0 d-----w- c:\program files\Norton Security Suite
2010-09-13 17:59:23 0 d-----w- c:\program files\NortonInstaller

==================== Find3M ====================

2010-10-01 15:35:07 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-09 14:17:50 130834 ----a-w- c:\windows\hpoins18.dat
2010-08-19 18:26:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-19 18:26:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-19 18:26:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-16 22:50:30 93696 --sha-r- c:\users\marty\appdata\roaming\msctfp0.dll
2010-08-16 22:50:30 93696 --sha-r- c:\users\marty\appdata\roaming\mouse7.dll
2010-07-17 13:59:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-17 22:12:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-02 13:58:06 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-26 18:20:00 88 --sh--r- c:\windows\system32\5FDC50ACC0.sys

============= FINISH: 12:09:20.04 ===============


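Added example, not part of this thread and not code from DDS or any of the tools named in it: a small triage script that parses the uRun/mRun lines and the Find3M/Created attribute lines of a DDS log in the format shown above and scores each autostart entry. It keys on signals a responder would look at first in a log like this one: a DLL loaded through rundll32 from a user-writable profile directory, an export name that looks generated, and a file that carries hidden+system attributes on disk. The sample text is constructed from lines in the posted log; the path list, the vowel-ratio heuristic, the reading of DDS's attribute letters (s = system, h = hidden) and the scoring are my assumptions, not anything DDS documents.

```python
"""Score Run-key entries from a DDS log by persistence indicators (illustrative helper)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in DDS's "Pseudo HJT Report" and Find3M line formats.
# Key names, paths and attribute fields are copied from the log posted above;
# this string is not DDS output and leaves out most of the real log.
SAMPLE_DDS = r"""
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Oxbtmdskd] rundll32 "c:\users\marty\appdata\roaming\mouse7.dll",FLRHXEK
uRun: [Sekd] rundll32 "c:\users\marty\appdata\roaming\msctfp0.dll",FXDPUHRRF
uRun: [Google Update] "c:\users\marty\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
2010-08-16 22:50:30 93696 --sha-r- c:\users\marty\appdata\roaming\msctfp0.dll
2010-08-16 22:50:30 93696 --sha-r- c:\users\marty\appdata\roaming\mouse7.dll
2010-07-17 13:59:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE
"""

RUN_RE = re.compile(r'^([um])Run: \[([^\]]*)\] (.+)$')          # uRun = HKCU, mRun = HKLM
FIND3M_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([-a-z]{8})\s+(.+)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S+)', re.IGNORECASE)
TARGET_RE = re.compile(r'^"([^"]+)"|^(\S+)')                     # first (quoted) token
# Directories a standard user can write to; persistence there needs no admin rights.
# Assumption: this short list is enough for a first pass, it is not exhaustive.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\')


@dataclass
class Finding:
    hive: str                      # 'u' (per-user) or 'm' (machine-wide)
    name: str                      # value name inside the Run key
    command: str
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_attrs(text: str) -> Dict[str, str]:
    """Map lower-cased path -> DDS attribute field for every Find3M/Created line."""
    attrs: Dict[str, str] = {}
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            attrs[m.group(2).strip().lower()] = m.group(1)
    return attrs


def looks_generated(token: str) -> bool:
    """Heuristic (assumption): six or more letters with fewer than 20% vowels."""
    letters = [c for c in token if c.isalpha()]
    if len(letters) < 6:
        return False
    vowels = sum(c.lower() in 'aeiou' for c in letters)
    return vowels / len(letters) < 0.2


def triage(text: str) -> List[Finding]:
    """Return Run entries that trip at least one indicator, highest score first."""
    attrs = parse_attrs(text)
    findings: List[Finding] = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        f = Finding(hive, name, command)
        dll = RUNDLL_RE.match(command)
        if dll:
            path, export = dll.group(1).strip().lower(), dll.group(2)
            f.reasons.append('DLL launched through rundll32: ' + path)
            if any(seg in path for seg in USER_WRITABLE):
                f.reasons.append('DLL sits in a user-writable directory')
            if looks_generated(export):
                f.reasons.append('export name looks generated: ' + export)
            a = attrs.get(path, '')
            if 's' in a and 'h' in a:            # assumed meaning of the DDS flags
                f.reasons.append('file is hidden+system on disk: ' + a)
        else:
            t = TARGET_RE.match(command)
            exe = ((t.group(1) or t.group(2)) if t else '').lower()
            if any(seg in exe for seg in USER_WRITABLE):
                f.reasons.append('executable sits in a user-writable directory: ' + exe)
        if f.reasons:
            findings.append(f)
    findings.sort(key=lambda x: -x.score)        # stable sort: ties keep log order
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f'[score {f.score}] {f.hive}Run "{f.name}": {f.command}')
        for r in f.reasons:
            print('    -', r)
```

Run on the sample, the two rundll32 entries score 4 and the Google updater scores 1 for living under the profile alone. The single-signal hit is the point of scoring rather than flagging: plenty of legitimate software autostarts from %APPDATA%, and a name-entropy check on the value name instead of the export would also trip on vendor abbreviations such as AGRSMMSG in the posted log. A script like this orders what to look at; it does not replace the helper's tools or a verdict on the files.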

 


#2 m0le (Malware Response Team)

Posted 06 October 2010 - 05:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 roblee12 (Topic Starter)

Posted 07 October 2010 - 07:33 AM

Hello Mole! I am here and waiting on instructions. Thanks!

#4 m0le (Malware Response Team)

Posted 07 October 2010 - 05:43 PM

GMER not running is a possible clue to the problem. Please run the following tools.
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


Next

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

#5 roblee12 (Topic Starter)

Posted 08 October 2010 - 07:37 AM

TDSSKiller Report:

2010/10/08 08:27:45.0160 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/08 08:27:45.0160 ================================================================================
2010/10/08 08:27:45.0160 SystemInfo:
2010/10/08 08:27:45.0161
2010/10/08 08:27:45.0161 OS Version: 6.0.6002 ServicePack: 2.0
2010/10/08 08:27:45.0161 Product type: Workstation
2010/10/08 08:27:45.0161 ComputerName: MARTY-PC
2010/10/08 08:27:45.0161 UserName: Marty
2010/10/08 08:27:45.0161 Windows directory: C:\Windows
2010/10/08 08:27:45.0161 System windows directory: C:\Windows
2010/10/08 08:27:45.0162 Processor architecture: Intel x86
2010/10/08 08:27:45.0162 Number of processors: 2
2010/10/08 08:27:45.0162 Page size: 0x1000
2010/10/08 08:27:45.0162 Boot type: Normal boot
2010/10/08 08:27:45.0162 ================================================================================
2010/10/08 08:27:51.0103 Initialize success
2010/10/08 08:27:55.0699 ================================================================================
2010/10/08 08:27:55.0699 Scan started
2010/10/08 08:27:55.0699 Mode: Manual;
2010/10/08 08:27:55.0699 ================================================================================
2010/10/08 08:27:58.0754 a2acc (130638992f393300a81e68c56456c533) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
2010/10/08 08:27:58.0810 a2injectiondriver (71b956b8549527534682795187c6c56f) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
2010/10/08 08:27:58.0842 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
2010/10/08 08:27:58.0961 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/08 08:27:59.0134 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/10/08 08:27:59.0346 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/10/08 08:27:59.0504 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/10/08 08:27:59.0945 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/10/08 08:28:00.0160 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/08 08:28:00.0413 AgereSoftModem (ceffa3db1657293322e0bdea7d99e754) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/10/08 08:28:00.0619 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/10/08 08:28:00.0698 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/08 08:28:00.0769 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/10/08 08:28:00.0931 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/10/08 08:28:00.0980 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/10/08 08:28:01.0044 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/10/08 08:28:01.0276 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/10/08 08:28:01.0707 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/10/08 08:28:01.0836 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/10/08 08:28:01.0977 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/08 08:28:02.0082 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/10/08 08:28:02.0271 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/10/08 08:28:02.0377 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\Windows\system32\DRIVERS\avipbb.sys
2010/10/08 08:28:02.0553 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/08 08:28:02.0747 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/08 08:28:03.0049 BHDrvx86 (5138da8715da5f9823b753b6cb36a9a9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
2010/10/08 08:28:03.0349 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/08 08:28:03.0535 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/08 08:28:03.0578 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/08 08:28:03.0699 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
2010/10/08 08:28:03.0959 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/08 08:28:04.0029 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/08 08:28:04.0130 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2010/10/08 08:28:04.0272 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/10/08 08:28:04.0442 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/10/08 08:28:05.0003 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/10/08 08:28:05.0599 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/10/08 08:28:06.0484 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys
2010/10/08 08:28:07.0194 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/08 08:28:07.0694 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/08 08:28:08.0099 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/10/08 08:28:08.0497 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/08 08:28:08.0962 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/08 08:28:09.0252 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/10/08 08:28:09.0605 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/08 08:28:09.0924 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/08 08:28:10.0175 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/10/08 08:28:10.0483 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/08 08:28:10.0735 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/08 08:28:10.0829 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/10/08 08:28:11.0123 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/10/08 08:28:11.0297 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/10/08 08:28:11.0402 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/08 08:28:11.0584 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/08 08:28:11.0776 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/08 08:28:11.0863 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/08 08:28:11.0966 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/10/08 08:28:12.0221 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/10/08 08:28:12.0380 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/10/08 08:28:12.0622 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/08 08:28:12.0715 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/08 08:28:12.0883 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/08 08:28:13.0009 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/08 08:28:13.0175 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/08 08:28:13.0270 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/08 08:28:13.0422 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/08 08:28:13.0569 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/08 08:28:13.0701 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/08 08:28:13.0756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/08 08:28:13.0898 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/10/08 08:28:14.0084 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/08 08:28:14.0610 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/10/08 08:28:14.0664 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/08 08:28:14.0754 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/08 08:28:14.0935 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/08 08:28:15.0079 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/08 08:28:15.0257 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/08 08:28:15.0337 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/08 08:28:15.0441 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/08 08:28:15.0640 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/08 08:28:15.0901 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101007.003\IDSvix86.sys
2010/10/08 08:28:16.0065 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/08 08:28:16.0371 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/08 08:28:16.0663 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/08 08:28:16.0792 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/08 08:28:17.0014 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/08 08:28:17.0077 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/08 08:28:17.0270 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/08 08:28:17.0383 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/10/08 08:28:17.0454 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/08 08:28:17.0633 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/08 08:28:17.0718 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/08 08:28:17.0776 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/08 08:28:17.0934 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2010/10/08 08:28:18.0043 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/08 08:28:18.0236 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
2010/10/08 08:28:18.0341 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/08 08:28:18.0471 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/08 08:28:18.0607 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/08 08:28:18.0768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/08 08:28:18.0872 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/08 08:28:19.0037 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/08 08:28:19.0193 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/08 08:28:19.0365 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/08 08:28:19.0512 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/08 08:28:19.0645 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/08 08:28:19.0808 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/08 08:28:19.0915 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/08 08:28:20.0070 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/08 08:28:20.0171 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/08 08:28:20.0317 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/08 08:28:20.0393 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/08 08:28:20.0442 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/08 08:28:20.0471 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/08 08:28:20.0607 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/10/08 08:28:20.0684 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/08 08:28:20.0767 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/08 08:28:20.0917 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/08 08:28:21.0037 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/08 08:28:21.0219 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/08 08:28:21.0587 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/08 08:28:21.0673 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/08 08:28:21.0765 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/08 08:28:21.0908 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/08 08:28:22.0035 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/08 08:28:22.0226 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/08 08:28:22.0425 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101007.049\NAVENG.SYS
2010/10/08 08:28:22.0537 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101007.049\NAVEX15.SYS
2010/10/08 08:28:22.0782 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/08 08:28:22.0991 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/08 08:28:23.0052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/08 08:28:23.0114 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/08 08:28:23.0304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/08 08:28:23.0416 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/08 08:28:23.0486 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/08 08:28:23.0965 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/08 08:28:24.0232 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/08 08:28:24.0592 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/08 08:28:24.0806 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/08 08:28:24.0993 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/08 08:28:25.0121 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/10/08 08:28:25.0278 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/08 08:28:25.0398 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/08 08:28:25.0567 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/08 08:28:25.0643 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/10/08 08:28:25.0939 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/10/08 08:28:26.0036 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/08 08:28:26.0109 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/08 08:28:26.0240 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/08 08:28:26.0318 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/08 08:28:26.0370 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/10/08 08:28:26.0550 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/08 08:28:26.0649 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/08 08:28:27.0107 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/08 08:28:27.0200 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/08 08:28:27.0428 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/08 08:28:27.0556 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/08 08:28:27.0743 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/08 08:28:27.0839 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/08 08:28:27.0927 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/08 08:28:28.0084 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/08 08:28:28.0175 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/08 08:28:28.0233 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/08 08:28:28.0368 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/08 08:28:28.0448 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/08 08:28:28.0518 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/10/08 08:28:28.0638 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/08 08:28:28.0731 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/08 08:28:28.0867 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/10/08 08:28:29.0021 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/08 08:28:29.0129 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/10/08 08:28:29.0317 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/08 08:28:29.0644 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/08 08:28:29.0721 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/08 08:28:29.0799 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/08 08:28:29.0956 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/08 08:28:30.0013 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/08 08:28:30.0090 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/10/08 08:28:30.0294 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/08 08:28:30.0344 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/08 08:28:30.0400 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/08 08:28:30.0566 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/10/08 08:28:30.0617 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/08 08:28:30.0659 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/08 08:28:30.0837 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/08 08:28:30.0935 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/08 08:28:31.0191 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0402000.00C\SRTSP.SYS
2010/10/08 08:28:31.0404 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS
2010/10/08 08:28:31.0462 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/10/08 08:28:31.0593 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/08 08:28:31.0658 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/08 08:28:31.0731 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/08 08:28:31.0908 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/08 08:28:32.0016 sxuptp (86083b04dc2b90397f4b47add6eaa407) C:\Windows\system32\DRIVERS\sxuptp.sys
2010/10/08 08:28:32.0187 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/08 08:28:32.0337 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0402000.00C\SYMDS.SYS
2010/10/08 08:28:32.0550 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0402000.00C\SYMEFA.SYS
2010/10/08 08:28:32.0606 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/10/08 08:28:32.0795 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS
2010/10/08 08:28:32.0866 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
2010/10/08 08:28:33.0038 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/08 08:28:33.0094 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/08 08:28:33.0331 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/08 08:28:33.0553 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/08 08:28:33.0724 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/08 08:28:33.0788 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/08 08:28:33.0840 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/08 08:28:33.0925 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/08 08:28:34.0129 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/08 08:28:34.0662 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/08 08:28:34.0870 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/08 08:28:34.0950 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/08 08:28:35.0021 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/10/08 08:28:35.0187 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/08 08:28:35.0298 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/08 08:28:35.0362 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/08 08:28:35.0654 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/08 08:28:35.0879 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/08 08:28:35.0945 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/08 08:28:36.0228 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/08 08:28:36.0310 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/08 08:28:36.0473 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/08 08:28:36.0545 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/08 08:28:36.0612 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/08 08:28:36.0756 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/08 08:28:36.0835 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/08 08:28:37.0018 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/08 08:28:37.0082 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/08 08:28:37.0183 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/08 08:28:37.0346 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/08 08:28:37.0453 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/10/08 08:28:37.0539 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/08 08:28:37.0590 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/10/08 08:28:37.0650 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/08 08:28:37.0750 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/08 08:28:37.0873 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/08 08:28:38.0061 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/08 08:28:38.0221 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/08 08:28:38.0347 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 08:28:38.0401 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/08 08:28:38.0541 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/08 08:28:38.0664 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/08 08:28:38.0924 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/08 08:28:39.0046 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/08 08:28:39.0201 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/08 08:28:39.0296 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/08 08:28:39.0405 ================================================================================
2010/10/08 08:28:39.0405 Scan finished
2010/10/08 08:28:39.0405 ================================================================================
2010/10/08 08:29:54.0654 Deinitialize success
MBR Check Log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 9410
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 157):
0x81E16000 \SystemRoot\system32\ntkrnlpa.exe
0x821CF000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80485000 \SystemRoot\system32\PSHED.dll
0x80496000 \SystemRoot\system32\BOOTVID.dll
0x8049E000 \SystemRoot\system32\CLFS.SYS
0x804DF000 \SystemRoot\system32\CI.dll
0x80604000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80680000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068D000 \SystemRoot\system32\drivers\acpi.sys
0x806D3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DC000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E4000 \SystemRoot\system32\drivers\pci.sys
0x8070B000 \SystemRoot\System32\drivers\partmgr.sys
0x8071A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80727000 \SystemRoot\system32\drivers\volmgr.sys
0x80736000 \SystemRoot\System32\drivers\volmgrx.sys
0x80780000 \SystemRoot\system32\drivers\intelide.sys
0x80787000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80795000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807C2000 \SystemRoot\System32\drivers\mountmgr.sys
0x807D2000 \SystemRoot\system32\drivers\atapi.sys
0x807DA000 \SystemRoot\system32\drivers\ataport.SYS
0x805BF000 \SystemRoot\system32\drivers\fltmgr.sys
0x85E09000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMDS.SYS
0x85E5F000 \SystemRoot\system32\drivers\fileinfo.sys
0x85E6F000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x85E7E000 \SystemRoot\system32\drivers\N360\0402000.00C\SYMEFA.SYS
0x85EAB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8600B000 \SystemRoot\system32\drivers\ndis.sys
0x86116000 \SystemRoot\system32\drivers\msrpc.sys
0x86141000 \SystemRoot\system32\drivers\NETIO.SYS
0x8620C000 \SystemRoot\System32\drivers\tcpip.sys
0x862F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86401000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86511000 \SystemRoot\system32\drivers\volsnap.sys
0x8654A000 \SystemRoot\System32\Drivers\spldr.sys
0x86552000 \SystemRoot\System32\Drivers\mup.sys
0x86561000 \SystemRoot\System32\drivers\ecache.sys
0x86588000 \SystemRoot\system32\drivers\disk.sys
0x86599000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x865BA000 \SystemRoot\system32\drivers\crcdisk.sys
0x865D0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x865DB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x865E4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x865F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A20E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x86311000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A385000 \SystemRoot\System32\drivers\watchdog.sys
0x85F1C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A391000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8617C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8A3A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A3AB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A3E9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x863B2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8A3F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x863CC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x865C3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x863DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x863F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x85FA9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AA0F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AA50000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AA5B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AA72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AA7D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AAA0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AAAF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AAC3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AAD8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AAE8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AAEA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AB14000 \SystemRoot\system32\DRIVERS\sxuptp.sys
0x8AB53000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AB5D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AB6A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AB9F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8ABB0000 \SystemRoot\system32\drivers\HdAudio.sys
0x8AE0D000 \SystemRoot\system32\drivers\portcls.sys
0x8AE3A000 \SystemRoot\system32\drivers\drmk.sys
0x8AE5F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8AF96000 \SystemRoot\system32\drivers\modem.sys
0x8AFA3000 \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
0x8AFAC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8AFB5000 \SystemRoot\System32\Drivers\Null.SYS
0x8AFBC000 \SystemRoot\System32\Drivers\Beep.SYS
0x8AFC3000 \SystemRoot\System32\drivers\vga.sys
0x8AFCF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AFF0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AFF8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8AE00000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8ABEF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AA00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x85FD8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B20F000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDIV.SYS
0x8B268000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x8B28D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B2A1000 \SystemRoot\system32\drivers\afd.sys
0x8B2E9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B31B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B331000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B33F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B352000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
0x8B371000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B37A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B38A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B391000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B393000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8C023000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8C029000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
0x8C033000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C06F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C0D4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x8C132000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x8C14F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C166000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
0x8C808000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys
0x8C8B4000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8C8D6000 \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
0x8C8D8000 \SystemRoot\System32\Drivers\fastfat.SYS
0x96E00000 \SystemRoot\System32\win32k.sys
0x8C90D000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C917000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97020000 \SystemRoot\System32\TSDDD.dll
0x97040000 \SystemRoot\System32\cdd.dll
0x8C926000 \SystemRoot\system32\drivers\luafv.sys
0x8C941000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8C95E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAAA01000 \SystemRoot\system32\drivers\spsys.sys
0xAAAB1000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAAADB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAAE5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAAF8000 \SystemRoot\system32\drivers\HTTP.sys
0xAAB65000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAAB82000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAAB9B000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAABB0000 \SystemRoot\system32\drivers\mrxdav.sys
0xAABD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAABF0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x8C96E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8C9A7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8C9BF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE00C000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE05A000 \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
0xAE06A000 \SystemRoot\system32\drivers\peauth.sys
0xAE148000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE152000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE185000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
0xB3569000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB3400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101007.049\NAVEX15.SYS
0xB354E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101007.049\NAVENG.SYS
0xB357F000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101007.003\IDSvix86.sys
0x77410000 \Windows\System32\ntdll.dll

Processes (total 86):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
468 csrss.exe
512 C:\Windows\System32\wininit.exe
520 csrss.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\winlogon.exe
760 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\audiodg.exe
1164 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\SLsvc.exe
1208 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1576 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1732 C:\Windows\System32\spoolsv.exe
1780 C:\Windows\System32\dwm.exe
1824 C:\Windows\System32\taskeng.exe
1832 C:\Windows\explorer.exe
1896 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1912 C:\Windows\System32\svchost.exe
1980 C:\Windows\System32\taskeng.exe
1236 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
416 C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
472 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
1024 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
1036 C:\Windows\AGRSMMSG.exe
1160 C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
928 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
952 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
204 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2068 C:\Program Files\Bonjour\mDNSResponder.exe
2128 C:\Windows\System32\svchost.exe
2172 C:\Windows\System32\svchost.exe
2192 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2200 C:\Program Files\IObit\IObit Security 360\is360srv.exe
2380 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2472 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2740 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2748 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2776 C:\Program Files\iTunes\iTunesHelper.exe
2808 C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
2832 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2844 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2852 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2936 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
3060 C:\Windows\System32\svchost.exe
3208 C:\Windows\System32\svchost.exe
3216 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3228 C:\Windows\System32\svchost.exe
3280 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3296 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3336 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3368 C:\Windows\System32\svchost.exe
3416 C:\Windows\System32\svchost.exe
3436 C:\Windows\System32\SearchIndexer.exe
3652 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3264 unsecapp.exe
2228 dllhost.exe
3672 WmiPrvSE.exe
3680 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
5028 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
5168 C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
5424 C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
6124 C:\Program Files\iPod\bin\iPodService.exe
3624 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
4016 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
6120 C:\Program Files\Windows Media Player\wmpnscfg.exe
3896 C:\Program Files\Windows Media Player\wmpnetwk.exe
5520 C:\Program Files\Windows Media Player\wmpnscfg.exe
5532 C:\Program Files\Internet Explorer\iexplore.exe
4684 C:\Program Files\Internet Explorer\iexplore.exe
572 C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
4100 C:\Users\Marty\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
172 C:\Program Files\Internet Explorer\iexplore.exe
6016 C:\Program Files\Windows Media Player\wmplayer.exe
2616 C:\Windows\System32\taskeng.exe
732 C:\Program Files\DAP\DAP.exe
1904 C:\Windows\System32\SearchProtocolHost.exe
1512 C:\Users\Marty\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`9bd27e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
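Added example, not part of this thread and not code from TDSSKiller or MBRCheck: a small Python triage script for the two log formats posted above. It parses the TDSSKiller driver lines (date, time, service name, MD5, image path) and the MBRCheck status and SHA1 lines, then applies the checks a responder makes by eye when reading such a log: which drivers load from outside %SystemRoot%\system32 (in this log the Norton definition modules under ProgramData, which is expected noise), whether one MD5 is shared by two different files on disk, and whether the MBR hash is on an allow-list. The sample input is a handful of lines copied from the logs above plus one clearly marked constructed line that exercises the collision check; the allow-list holds only the SHA1 MBRCheck printed for this drive, so it is a placeholder for a trusted list, not a verdict. All function and constant names are assumptions of this example.

```python
"""Triage helpers for TDSSKiller driver listings and MBRCheck output.

Added example for this thread; not code from either tool. Runs offline on
the embedded sample text.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# TDSSKiller driver line: "<date> <time> <service> (<md5>) <image path>"
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+?)\s*$"
)
# MBRCheck lines: "<size> GB \\.\PhysicalDriveN <status>" and "SHA1: <hex>"
MBR_STATUS_RE = re.compile(r"^\s*\d+\s+GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
MBR_SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")

SYSTEM32 = "c:\\windows\\system32\\"

# Allow-list placeholder (assumption): the only entry is the hash MBRCheck
# printed for this drive, which it labelled "Windows 2008 MBR code". A real
# list comes from a trusted source, not from the machine under investigation.
KNOWN_GOOD_MBR_SHA1 = {"8DF43F2BDE2D9451948FA14B5279969C777A7979"}

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_TDSS = """\
2010/10/08 08:28:15.0901 IDSVix86 (ee90168d5578359fe9a295b8611330c0) C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\N360_4.0.0.127\\Definitions\\IPSDefs\\20101007.003\\IDSvix86.sys
2010/10/08 08:28:33.0331 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\drivers\\tcpip.sys
2010/10/08 08:28:33.0553 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2010/10/08 08:28:38.0347 Wanarp (55201897378cca7af8b5efd874374a26) C:\\Windows\\system32\\DRIVERS\\wanarp.sys
2010/10/08 08:28:39.0405 Scan finished
"""
SAMPLE_MBRCHECK = """\
Size Device Name MBR Status
--------------------------------------------
149 GB \\\\.\\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
"""
# Constructed line (NOT from the posted log): the tcpip.sys hash appearing at
# a second path, which is the pattern the collision check is meant to surface.
CONSTRUCTED_COLLISION = (
    "2010/10/08 08:28:40.0000 bogus (a474879afa4a596b3a531f3e69730dbf) "
    "C:\\Windows\\Temp\\tcpip.sys\n"
)


@dataclass(frozen=True)
class Driver:
    service: str
    md5: str
    path: str


def parse_tdsskiller(text):
    """Extract (service, md5, path) from driver lines; banners and 'Scan finished' are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m.group(1), m.group(2).lower(), m.group(3)))
    return drivers


def outside_system32(drivers):
    """Drivers whose image is not under %SystemRoot%\\system32.

    Legitimate hits are common (AV definition modules under ProgramData,
    vendor drivers under Program Files), so this is a review list, not a verdict.
    """
    return [d for d in drivers if not d.path.lower().startswith(SYSTEM32)]


def hash_collisions(drivers):
    """MD5s that back more than one distinct file path.

    Two service names for the same file (Tcpip/Tcpip6 -> tcpip.sys) is normal
    and is not reported; the same hash at two different paths is.
    """
    paths_by_md5 = defaultdict(set)
    for d in drivers:
        paths_by_md5[d.md5].add(d.path.lower())
    return {md5: sorted(p) for md5, p in paths_by_md5.items() if len(p) > 1}


def parse_mbrcheck(text):
    """Return (device, status, sha1) for the first physical drive MBRCheck reports on."""
    device = status = sha1 = None
    for line in text.splitlines():
        m = MBR_STATUS_RE.match(line)
        if m and device is None:
            device, status = m.group(1), m.group(2)
            continue
        m = MBR_SHA1_RE.match(line)
        if m and sha1 is None:
            sha1 = m.group(1).upper()
    return device, status, sha1


def mbr_needs_attention(sha1, known_good):
    """True unless the MBR hash is on the allow-list (a missing hash also needs attention)."""
    return sha1 is None or sha1.upper() not in known_good


def triage(tdss_text, mbr_text, known_good=KNOWN_GOOD_MBR_SHA1):
    """Run all checks and return a plain dict suitable for a reply or a ticket."""
    drivers = parse_tdsskiller(tdss_text)
    device, status, sha1 = parse_mbrcheck(mbr_text)
    return {
        "drivers_seen": len(drivers),
        "outside_system32": [(d.service, d.path) for d in outside_system32(drivers)],
        "hash_collisions": hash_collisions(drivers),
        "mbr": {"device": device, "status": status, "sha1": sha1,
                "needs_attention": mbr_needs_attention(sha1, known_good)},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_TDSS + CONSTRUCTED_COLLISION, SAMPLE_MBRCHECK), indent=2))
```

The script only does the structural checks a human does while reading; the real signal in a TDSSKiller run is its own comparison of each driver's MD5 against a catalogue of known files, which this example does not reproduce. Paths are compared case-insensitively because the same file appears as both `drivers\` and `DRIVERS\` in the posted log.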



#6 m0le

  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 08 October 2010 - 07:01 PM

That looks nice and clean. Let's try and rip out what's causing the problem

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 October 2010 - 06:29 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#8 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 October 2010 - 06:49 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.