
Yahoo/Google/Firefox Search Redirects + web pages taking very long to load


  • This topic is locked
35 replies to this topic

#1 kkallstar

kkallstar

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:36 AM

Posted 09 November 2010 - 10:21 AM

Frequently I get redirected when I search something on Google/Yahoo or when I click on a link I want to go to. Also, web pages are taking a long time to load and my laptop seems to be generally slowing down since I got this virus. I have no idea what to do at the moment. Hopefully you can help me. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:04:15, on 09/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\eoinphelan\AppData\Roaming\SysWin\lsass.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\EOINPH~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Users\eoinphelan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vb32&d=1108&m=aspire_5735
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vb32&d=1108&m=aspire_5735
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1809&s=2&o=vb32&d=1108&m=aspire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {01C0DA96-AFCE-4F59-BC8E-77ADDA481218} - C:\Windows\system32\AUDIOKSE32.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100926012556.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: 2a736302 - {DA83C0CD-C9A3-BE05-F70A-CA125237C8C3} - C:\ProgramData\AUDIOKSE32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mssvpwow.exe] C:\Windows\mssvpwow.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\eoinphelan\AppData\Roaming\SysWin\lsass.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [RTHDBPL] C:\Windows\TEMP\8F43.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RTHDBPL] C:\Windows\TEMP\8F43.tmp (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\ProgramData\AUDIOKSE32.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\ProgramData\AUDIOKSE32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Windows Remote Management (WS-Management) (WinRM32) - Unknown owner - C:\Windows\system32\KBDUR32.exe

--
End of file - 14071 bytes

I got a Gmer log as well

Attached Files
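As an added example (not part of the thread, and not code from HijackThis, TDSSKiller or the helpers here), the following Python script parses HijackThis O2/O4/O20/O23 lines and flags the kinds of entries a responder reads first: autoruns under user-writable or temporary paths, binaries named like core Windows processes but living outside System32, unnamed browser helper objects, AppInit_DLLs entries, and services with an unknown publisher. The sample lines are copied from the log above; the path regex, the heuristic list and the `Finding` type are my own assumptions, and a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a handful of entries in HijackThis v2 format, copied from
# the log posted in this thread. It is not the complete log.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {01C0DA96-AFCE-4F59-BC8E-77ADDA481218} - C:\Windows\system32\AUDIOKSE32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mssvpwow.exe] C:\Windows\mssvpwow.exe
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\eoinphelan\AppData\Roaming\SysWin\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [RTHDBPL] C:\Windows\TEMP\8F43.tmp (User 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\ProgramData\AUDIOKSE32.dll
O23 - Service: Windows Remote Management (WS-Management) (WinRM32) - Unknown owner - C:\Windows\system32\KBDUR32.exe
"""

# A Windows path (drive letter or %VAR% root) up to the first executable-looking
# extension; arguments such as "-hide" or "(User 'SYSTEM')" are left behind.
PATH_RE = re.compile(
    r"(?:[A-Za-z]:|%[^%\\]+%)\\.*?\.(?:exe|dll|sys|tmp|cpl|scr)\b", re.IGNORECASE)
SECTION_RE = re.compile(r"(O\d+|R\d|F\d|N\d)\s-\s")
# Directory names an unprivileged user (or a dropper running as one) can write to.
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings|appdata|temp|tmp|programdata)\\", re.IGNORECASE)
# Names that only belong in %SystemRoot%\System32 on a healthy system.
CORE_BINARIES = {"lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe",
                 "services.exe", "smss.exe"}


@dataclass
class Finding:
    line_no: int
    section: str
    path: str
    reasons: List[str] = field(default_factory=list)


def review_path(section: str, line: str, path: str) -> List[str]:
    """Return the review reasons (possibly none) for one path on one log line."""
    reasons = []
    lower = path.lower()
    name = lower.rsplit("\\", 1)[-1]
    if USER_WRITABLE.search(lower):
        reasons.append("runs from a user-writable or temporary location")
    if name in CORE_BINARIES and "\\windows\\system32\\" not in lower:
        reasons.append(f"{name} outside System32 (name collides with a core Windows binary)")
    if name.endswith(".tmp"):
        reasons.append("autorun points at a .tmp file")
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", lower):
        reasons.append("executable placed directly in the Windows directory")
    if section == "O2" and "(no name)" in line:
        reasons.append("browser helper object with no name")
    if section == "O23" and "unknown owner" in line.lower():
        reasons.append("service with unknown publisher")
    if section == "O20":
        reasons.append("AppInit_DLLs entry: loaded into every process that maps user32.dll")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Parse HijackThis lines and return every path that earned at least one reason."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = SECTION_RE.match(line.strip())
        if not match:
            continue  # header, blank or "End of file" line
        section = match.group(1)
        for path in PATH_RE.findall(line):
            reasons = review_path(section, line, path)
            if reasons:
                findings.append(Finding(line_no, section, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} [{f.section}] {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Entries that collect two or more reasons (an lsass.exe under AppData\Roaming, a .tmp file in C:\Windows\TEMP run as SYSTEM) are the ones worth sending to the helper first; a single "unknown publisher" hit on an OEM service is usually benign and only needs the file's signature checked.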





#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:36 AM

Posted 15 November 2010 - 08:41 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:36 AM

Posted 21 November 2010 - 11:40 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:01:36 AM

Posted 22 November 2010 - 02:42 PM

Reopened at user's request

-----------------------------------------

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\

m0le is a proud member of UNITE

#5 kkallstar

kkallstar
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:36 AM

Posted 22 November 2010 - 07:32 PM

2010/11/23 00:29:59.0668 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/23 00:29:59.0668 ================================================================================
2010/11/23 00:29:59.0668 SystemInfo:
2010/11/23 00:29:59.0668
2010/11/23 00:29:59.0668 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/23 00:29:59.0669 Product type: Workstation
2010/11/23 00:29:59.0669 ComputerName: EOINPHELAN-PC
2010/11/23 00:29:59.0669 UserName: eoinphelan
2010/11/23 00:29:59.0669 Windows directory: C:\Windows
2010/11/23 00:29:59.0669 System windows directory: C:\Windows
2010/11/23 00:29:59.0670 Processor architecture: Intel x86
2010/11/23 00:29:59.0670 Number of processors: 2
2010/11/23 00:29:59.0670 Page size: 0x1000
2010/11/23 00:29:59.0670 Boot type: Normal boot
2010/11/23 00:29:59.0670 ================================================================================
2010/11/23 00:30:00.0293 Initialize success
2010/11/23 00:30:05.0199 ================================================================================
2010/11/23 00:30:05.0199 Scan started
2010/11/23 00:30:05.0199 Mode: Manual;
2010/11/23 00:30:05.0199 ================================================================================
2010/11/23 00:30:06.0242 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/23 00:30:06.0319 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/11/23 00:30:06.0474 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/11/23 00:30:06.0620 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/11/23 00:30:06.0668 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/11/23 00:30:06.0893 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/11/23 00:30:07.0135 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/11/23 00:30:07.0421 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/11/23 00:30:07.0512 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/23 00:30:07.0668 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/11/23 00:30:07.0753 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/11/23 00:30:07.0834 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/11/23 00:30:07.0965 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/11/23 00:30:08.0023 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/11/23 00:30:08.0173 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/11/23 00:30:08.0248 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/11/23 00:30:08.0331 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/23 00:30:08.0451 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/11/23 00:30:08.0631 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
2010/11/23 00:30:09.0022 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/23 00:30:09.0128 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/23 00:30:09.0289 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/11/23 00:30:09.0621 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/23 00:30:09.0707 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/23 00:30:09.0840 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/23 00:30:09.0974 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/23 00:30:10.0079 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/23 00:30:10.0176 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/23 00:30:10.0217 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/23 00:30:10.0339 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/23 00:30:10.0466 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/23 00:30:10.0604 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/23 00:30:10.0742 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2010/11/23 00:30:10.0921 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/11/23 00:30:11.0041 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/23 00:30:11.0210 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/23 00:30:11.0297 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/11/23 00:30:11.0354 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/23 00:30:11.0430 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/11/23 00:30:11.0534 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/23 00:30:11.0712 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/11/23 00:30:11.0929 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/11/23 00:30:12.0116 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2010/11/23 00:30:12.0357 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/23 00:30:12.0480 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/23 00:30:12.0618 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/23 00:30:12.0745 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/11/23 00:30:12.0960 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/23 00:30:13.0155 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/11/23 00:30:13.0302 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/11/23 00:30:13.0448 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/11/23 00:30:13.0581 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/23 00:30:13.0710 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/23 00:30:13.0836 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/23 00:30:13.0889 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/23 00:30:13.0992 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/11/23 00:30:14.0197 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/23 00:30:14.0330 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/23 00:30:14.0542 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/23 00:30:14.0713 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/23 00:30:14.0964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/23 00:30:15.0042 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/23 00:30:15.0198 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/23 00:30:15.0346 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/23 00:30:15.0447 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/23 00:30:15.0609 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/11/23 00:30:15.0813 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2010/11/23 00:30:15.0971 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/23 00:30:16.0075 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/23 00:30:16.0136 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/23 00:30:16.0759 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/23 00:30:17.0255 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/23 00:30:17.0349 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2010/11/23 00:30:17.0841 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
2010/11/23 00:30:18.0272 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/23 00:30:18.0384 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/23 00:30:18.0558 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/23 00:30:19.0020 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/23 00:30:19.0332 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/23 00:30:19.0451 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2010/11/23 00:30:19.0555 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/23 00:30:19.0654 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/23 00:30:19.0718 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/23 00:30:19.0835 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/23 00:30:20.0296 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/23 00:30:20.0468 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/23 00:30:20.0594 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/23 00:30:20.0733 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/23 00:30:20.0983 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/23 00:30:21.0143 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/23 00:30:21.0202 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/23 00:30:21.0305 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/23 00:30:21.0425 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/23 00:30:21.0705 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/23 00:30:21.0853 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/23 00:30:21.0951 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2010/11/23 00:30:22.0091 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
2010/11/23 00:30:22.0410 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
2010/11/23 00:30:22.0514 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
2010/11/23 00:30:22.0709 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2010/11/23 00:30:22.0915 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/11/23 00:30:49.0080 ================================================================================
2010/11/23 00:30:49.0080 Scan finished
2010/11/23 00:30:49.0080 ================================================================================

#6 m0le (Malware Response Team)

Posted 22 November 2010 - 08:18 PM

Okay, that's a good log.

Please run Combofix next

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 kkallstar (Topic Starter)

Posted 23 November 2010 - 08:52 AM

ComboFix.txt as requested

Attached Files



#8 kkallstar (Topic Starter)

Posted 23 November 2010 - 09:35 AM

It appears I still have the google redirect virus after running ComboFix. I had some trouble when running ComboFix. The computer could not find the respective programs to run the following:

CF26296.cfxxe, and
NirCmd.cfxxe

Does this make a difference?

Not sure if the log I attached in the previous post contains the right info.

Thanks again for your help.

#9 m0le (Malware Response Team)

Posted 23 November 2010 - 10:51 AM

Combofix stalled from the looks of the log.

Please attempt to run it again and let me know if you experience the same problems.
m0le is a proud member of UNITE

#10 kkallstar (Topic Starter)

Posted 23 November 2010 - 02:50 PM

I tried ComboFix again and seem to have encountered the same problem. Any ideas?

#11 m0le (Malware Response Team)

Posted 23 November 2010 - 04:14 PM

Lots of possibilities, all of them to do with stopping Combofix from running.

Please run MBRCheck

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#12 kkallstar (Topic Starter)

Posted 23 November 2010 - 07:22 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5735
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 153):

Processes (total 96):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`55400000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543225L9A300, Rev: FBEOC40C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DA67949D8E80AE4B877B861155C27C0550D2F7A3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
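A read-only version of the check whose result the log above shows ("Unknown MBR code" plus a SHA1), written here as an added example; it is not MBRCheck's own code. It hashes the 440-byte boot-code region of a 512-byte MBR, looks the SHA1 up in an allow-list, flags a missing 0x55AA signature, and parses the partition table into the byte offsets the log prints for C: and D:. Hashing only the boot code (not the whole sector) is my assumption, since the disk signature and partition table legitimately differ per machine; the allow-list entry, boot-code bytes and sector counts are constructed placeholders, not real Windows boot-code hashes.

```python
"""Read-only MBR check in the spirit of the MBRCheck output above.
Added example, not MBRCheck's own code. All sample bytes are constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code; 440..443 the disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries start here
BOOT_SIG_OFF = 0x1FE     # the sector must end with 0x55 0xAA


def sample_boot_code(tag: bytes) -> bytes:
    """Constructed filler standing in for real boot code: a tag plus zero padding."""
    return (tag + b"\x00" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]


# ASSUMPTION: MBRCheck's real allow-list is not reproduced here; the single entry
# below is the SHA1 of constructed filler, not of genuine Windows boot code.
KNOWN_GOOD_CODE = sample_boot_code(b"CONSTRUCTED-VISTA-BOOT-CODE")
KNOWN_CODES = {
    hashlib.sha1(KNOWN_GOOD_CODE).hexdigest().upper(): "Windows Vista (constructed sample)",
}


def partition_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte partition entry; the legacy CHS fields are left zeroed."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\x00\x00\x00",
                       ptype, b"\x00\x00\x00", lba_start, sectors)


def build_mbr(boot_code: bytes, entries: list, disk_signature: int = 0x5EC0DE01) -> bytes:
    """Assemble a 512-byte MBR: boot code, disk signature, reserved word, table, 0x55AA."""
    if len(boot_code) != BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code must be 440 bytes and at most 4 entries are allowed")
    table = b"".join(entries).ljust(64, b"\x00")
    return boot_code + struct.pack("<IH", disk_signature, 0) + table + b"\x55\xAA"


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty partition entries with their byte offsets on the disk."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR, "sectors": count})
    return parts


def check_mbr(mbr: bytes) -> dict:
    """Classify an MBR the way the log above does: a known code, or 'Unknown MBR code'."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    # ASSUMPTION: only the boot-code region is hashed, because the disk signature
    # and partition table legitimately differ from machine to machine.
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    status = KNOWN_CODES.get(sha1, "Unknown MBR code")
    valid_sig = mbr[BOOT_SIG_OFF:] == b"\x55\xAA"
    return {
        "valid_signature": valid_sig,
        "sha1": sha1,
        "mbr_status": status,
        "suspicious": (not valid_sig) or status == "Unknown MBR code",
        "partitions": parse_partition_table(mbr),
    }


# Partition starts taken from the C: and D: offsets in the log above; the
# sector counts are constructed.
SAMPLE_LAYOUT = [
    partition_entry(True, 0x07, 0x271100000 // SECTOR, (0x1E55400000 - 0x271100000) // SECTOR),
    partition_entry(False, 0x07, 0x1E55400000 // SECTOR, 1_000_000),
]
CLEAN_MBR = build_mbr(KNOWN_GOOD_CODE, SAMPLE_LAYOUT)

# Constructed stand-in for a sector whose boot code was overwritten: same partition
# table, but the first bytes of boot code differ (plain NOP filler, nothing executable of note).
TAMPERED_MBR = build_mbr(b"\x90" * 16 + KNOWN_GOOD_CODE[16:], SAMPLE_LAYOUT)


def report(mbr: bytes) -> str:
    """One-line summary in the style of the 'MBR Status' column in the log above."""
    r = check_mbr(mbr)
    return f"{r['mbr_status']} SHA1: {r['sha1']}"


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, "->", report(mbr))
        for p in check_mbr(mbr)["partitions"]:
            print(f"   partition {p['index']} at offset {p['byte_offset']:#018x}")
```

On a live Windows system the 512 bytes would come from reading the start of `\\.\PhysicalDrive0` with administrator rights; the example keeps everything in memory so it runs anywhere.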

#13 m0le (Malware Response Team)

Posted 23 November 2010 - 08:14 PM

Infected MBR. We need to rerun MBRCheck

The MBR has been rewritten.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:
If you do not have a Vista recovery disk then please burn one as shown here


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system (3 for Vista), and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

m0le is a proud member of UNITE

#14 kkallstar (Topic Starter)

Posted 24 November 2010 - 08:18 AM

Thanks again for your help. There appears to be a problem with my DVD drive. The computer is not detecting it! I can't burn the Vista recovery to a CD as a result. I am dropping my laptop to a repair shop this afternoon. I'm not sure how long it will take to get repaired. I will follow all the steps you have outlined when the laptop is repaired and will reply to you as soon as I do. Can you please leave the post opened in the meantime? Thank you.

#15 m0le (Malware Response Team)

Posted 24 November 2010 - 12:31 PM

Yes, I will. Post again when your lappy is back.
m0le is a proud member of UNITE
