Web browser search directs to another search engine


  • This topic is locked
34 replies to this topic

#1 Firthy

  • Members

Posted 11 December 2010 - 11:39 AM

Web browser search directs to another search engine or porn site etc. when using Google Chrome.



DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Kevin at 16:03:54.18 on 11/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3950.1611 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\Rezip.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\DllHost.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\windows\splwow64.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Kevin\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [IBP]
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-12 121936]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-3-15 13824]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-12 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-12 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-10 40384]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-5-6 65536]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-3-15 311296]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-18 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-10 40384]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-3-15 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-5 35104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-3-15 83488]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-2-1 622624]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-5 135664]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-15 151936]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2010-11-11 30352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]

=============== Created Last 30 ================

2010-12-11 11:23:30 388096 ----a-r- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-11 11:23:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-10 08:36:36 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2010-12-10 08:36:32 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-10 08:36:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-10 08:36:28 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-12-10 08:36:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-10 08:17:36 19528 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2010-12-10 08:17:35 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-10 08:17:14 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-10 07:58:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0CE8C339-37AE-4FC3-B1CB-3AA883B8ED54}\mpengine.dll
2010-12-08 19:18:08 -------- d-----w- C:\Program Files (x86)\Veetle
2010-11-30 16:03:04 -------- d-----w- C:\Program Files\Common Files\Sage SBD
2010-11-30 16:02:51 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2010-11-30 16:02:05 -------- d-----w- C:\Program Files (x86)\Sage Payroll
2010-11-30 16:02:05 -------- d-----w- C:\Program Files (x86)\Common Files\Sage Report Designer 2007
2010-11-30 16:01:35 434688 ------w- C:\windows\SysWow64\acfpdfuiamd64.dll
2010-11-30 16:01:35 345088 ------w- C:\windows\SysWow64\acfpdfuiia64.dll
2010-11-30 16:01:35 1092096 ------w- C:\windows\SysWow64\acfpdfuia64.dll
2010-11-30 16:01:34 921600 ------w- C:\windows\SysWow64\acfpdfuamd64.dll
2010-11-30 16:01:33 285492 ------w- C:\windows\SysWow64\acfpdfnt.dll
2010-11-27 15:06:07 177200 ----a-w- C:\windows\System32\drivers\BAPIDRV64.SYS
2010-11-27 15:04:09 -------- d-----w- C:\360Rec
2010-11-27 15:03:59 -------- d-----w- C:\Program Files (x86)\360
2010-11-27 15:00:54 -------- d-----w- C:\PROGRA~3\PPLive
2010-11-27 15:00:37 624056 ----a-w- C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.335\mframe.dll
2010-11-27 15:00:37 312768 ----a-w- C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.335\ppp.dll
2010-11-24 08:00:00 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 08:00:00 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-18 12:42:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-18 12:42:00 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-11 22:22:16 -------- d-----w- C:\Program Files (x86)\eLicenser
2010-11-11 22:12:10 -------- d-----w- C:\Users\Kevin\AppData\Local\eLicenser
2010-11-11 22:12:10 -------- d-----w- C:\PROGRA~3\Syncrosoft
2010-11-11 22:11:08 1708544 ----a-w- C:\windows\System32\synsoacc.dll
2010-11-11 22:11:08 -------- d-----w- C:\Program Files (x86)\Syncrosoft
2010-11-11 22:11:08 -------- d-----w- C:\PROGRA~3\eLicenser
2010-11-11 22:11:07 30352 ----a-w- C:\windows\System32\drivers\synusb64.sys
2010-11-11 22:11:04 1277952 ----a-w- C:\windows\SysWow64\SYNSOACC.dll
2010-11-11 22:11:01 86016 ----a-w- C:\windows\SysWow64\SYNSOPOS.exe

==================== Find3M ====================

2010-11-10 16:23:08 739328 ----a-w- C:\windows\Payroll for Windows.msi
2010-11-05 12:22:40 13824 ----a-w- C:\windows\SysWow64\SgELauncher.dll
2010-11-05 12:22:40 13824 ----a-w- C:\windows\SysWow64\SgEData.dll
2010-10-19 10:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-09-27 11:39:10 110592 ----a-w- C:\windows\SysWow64\SageSantander.dll
2010-09-22 23:47:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2010-09-22 23:36:48 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2010-09-22 23:32:56 301936 ----a-w- C:\windows\WLXPGSS.SCR
2010-09-21 13:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL
2010-09-15 04:50:37 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2010-09-14 11:35:38 90112 ----a-w- C:\windows\SysWow64\SageBankOfAmerica.dll

============= FINISH: 16:04:47.40 ===============


#2 Shannon2012

  • Security Colleague

Posted 19 December 2010 - 10:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 Firthy

  • Topic Starter
  • Members

Posted 19 December 2010 - 11:47 AM

Hi, thank you for your assistance. My browser is redirecting searches to unknown sites, as well as random tabs appearing with sites I haven't requested. I have run a few malware progs etc. but nothing has been found. My wife is experiencing a similar problem and we suspect we have both been infected by the same malware from a site we both visited independently.

Attached File: Attach.txt (7.01KB)



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Kevin at 16:37:18.67 on 19/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3950.1724 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Prevx\prevx.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\Rezip.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\windows\splwow64.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Kevin\Downloads\dds (1).scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [IBP]
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;C:\Windows\System32\drivers\pxscan.sys [2010-12-11 36384]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-12 121936]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2010-12-11 65736]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-3-15 13824]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-12 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-12 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-10 40384]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-5-6 65536]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2010-12-11 6746280]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-3-15 311296]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-18 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-10 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-9-10 40384]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-3-15 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-5 35104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-3-15 83488]
R3 pxkbf;pxkbf;C:\Windows\System32\drivers\pxkbf.sys [2010-12-11 24024]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-2-1 622624]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-5 135664]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-3-15 151936]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2010-11-11 30352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-28 1255736]

=============== Created Last 30 ================

2010-12-17 21:18:58 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2010-12-17 13:57:40 -------- d-----w- C:\Program Files\iTunes
2010-12-17 13:57:40 -------- d-----w- C:\Program Files\iPod
2010-12-17 13:57:40 -------- d-----w- C:\Program Files (x86)\iTunes
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-17 13:35:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-17 13:33:15 -------- d-----w- C:\Program Files\Bonjour
2010-12-17 10:13:31 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{99C28BDF-D9C1-4594-9BF3-E8728B470BF2}\mpengine.dll
2010-12-16 12:54:06 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2010-12-16 12:54:06 2048 ----a-w- C:\windows\System32\tzres.dll
2010-12-16 12:54:00 524288 ----a-w- C:\windows\System32\wmicmiplugin.dll
2010-12-16 12:54:00 496128 ----a-w- C:\windows\SysWow64\taskschd.dll
2010-12-16 12:54:00 473600 ----a-w- C:\windows\System32\taskcomp.dll
2010-12-16 12:54:00 464384 ----a-w- C:\windows\System32\taskeng.exe
2010-12-16 12:54:00 305152 ----a-w- C:\windows\SysWow64\taskcomp.dll
2010-12-16 12:54:00 285696 ----a-w- C:\windows\System32\schtasks.exe
2010-12-16 12:54:00 192000 ----a-w- C:\windows\SysWow64\taskeng.exe
2010-12-16 12:54:00 1169408 ----a-w- C:\windows\System32\taskschd.dll
2010-12-16 12:54:00 1114624 ----a-w- C:\windows\System32\schedsvc.dll
2010-12-14 09:28:54 -------- d-----w- C:\Users\Kevin\AppData\Local\CutePDF Writer
2010-12-14 09:27:03 85504 ----a-w- C:\windows\System32\cpwmon64.dll
2010-12-14 09:27:02 -------- d-----w- C:\Program Files (x86)\Acro Software
2010-12-14 09:25:57 -------- d-----w- C:\Program Files (x86)\GPLGS
2010-12-12 17:29:16 -------- d-----w- C:\Users\Kevin\DoctorWeb
2010-12-12 09:54:42 34560 ----a-w- C:\windows\SysWow64\drivers\Normandy.sys
2010-12-11 16:56:18 65736 ----a-w- C:\windows\System32\drivers\pxrts.sys
2010-12-11 16:56:18 62976 ----a-w- C:\windows\SysWow64\PxSecure.dll
2010-12-11 16:56:18 36384 ----a-w- C:\windows\System32\drivers\pxscan.sys
2010-12-11 16:56:17 24024 ----a-w- C:\windows\System32\drivers\pxkbf.sys
2010-12-11 16:56:17 -------- d-----w- C:\Program Files\Prevx
2010-12-11 16:55:57 -------- d-----w- C:\PROGRA~3\PrevxCSI
2010-12-11 11:23:30 388096 ----a-r- C:\Users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-11 11:23:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-10 08:36:36 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2010-12-10 08:36:32 38224 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-10 08:36:32 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-10 08:36:28 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
2010-12-10 08:36:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-10 08:17:36 19528 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2010-12-10 08:17:35 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2010-12-10 08:17:14 -------- d-----w- C:\PROGRA~3\Hitman Pro
2010-12-08 19:18:08 -------- d-----w- C:\Program Files (x86)\Veetle
2010-11-30 16:03:04 -------- d-----w- C:\Program Files\Common Files\Sage SBD
2010-11-30 16:02:51 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2010-11-30 16:02:05 -------- d-----w- C:\Program Files (x86)\Sage Payroll
2010-11-30 16:02:05 -------- d-----w- C:\Program Files (x86)\Common Files\Sage Report Designer 2007
2010-11-30 16:01:35 434688 ------w- C:\windows\SysWow64\acfpdfuiamd64.dll
2010-11-30 16:01:35 345088 ------w- C:\windows\SysWow64\acfpdfuiia64.dll
2010-11-30 16:01:35 1092096 ------w- C:\windows\SysWow64\acfpdfuia64.dll
2010-11-30 16:01:34 921600 ------w- C:\windows\SysWow64\acfpdfuamd64.dll
2010-11-30 16:01:33 285492 ------w- C:\windows\SysWow64\acfpdfnt.dll
2010-11-29 17:38:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2010-11-27 15:06:07 177200 ----a-w- C:\windows\System32\drivers\BAPIDRV64.SYS
2010-11-27 15:04:09 -------- d-----w- C:\360Rec
2010-11-27 15:03:59 -------- d-----w- C:\Program Files (x86)\360
2010-11-27 15:00:54 -------- d-----w- C:\PROGRA~3\PPLive
2010-11-27 15:00:37 624056 ----a-w- C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.335\mframe.dll
2010-11-27 15:00:37 312768 ----a-w- C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.335\ppp.dll
2010-11-24 08:00:00 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 08:00:00 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

==================== Find3M ====================

2010-11-10 16:23:08 739328 ----a-w- C:\windows\Payroll for Windows.msi
2010-11-05 12:22:40 13824 ----a-w- C:\windows\SysWow64\SgELauncher.dll
2010-11-05 12:22:40 13824 ----a-w- C:\windows\SysWow64\SgEData.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2010-11-02 04:34:33 179712 ----a-w- C:\windows\SysWow64\schtasks.exe
2010-10-20 05:20:01 46080 ----a-w- C:\windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2010-10-19 10:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\windows\SysWow64\webio.dll
2010-10-07 12:36:16 96544 ----a-w- C:\windows\System32\dnssd.dll
2010-10-07 12:36:16 119584 ----a-w- C:\windows\System32\dns-sd.exe
2010-10-07 12:23:02 91424 ----a-w- C:\windows\SysWow64\dnssd.dll
2010-10-07 12:23:02 107808 ----a-w- C:\windows\SysWow64\dns-sd.exe
2010-09-27 11:39:10 110592 ----a-w- C:\windows\SysWow64\SageSantander.dll
2010-09-22 23:47:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2010-09-22 23:36:48 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2010-09-22 23:32:56 301936 ----a-w- C:\windows\WLXPGSS.SCR
2010-09-21 13:49:02 252800 ----a-w- C:\windows\System32\LIVESSP.DLL
2010-09-21 13:03:14 208768 ----a-w- C:\windows\SysWow64\LIVESSP.DLL

============= FINISH: 16:38:18.07 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 December 2010 - 12:10 PM

A rootkit looks likely. We can deal with your wife's machine afterwards if you want :)

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), then copy and paste the following into the text field (make sure you include the quote marks) and press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\

m0le is a proud member of UNITE

#5 Firthy

Firthy
  • Topic Starter

  • Members
  • 17 posts

Posted 19 December 2010 - 12:36 PM

Nothing found

2010/12/19 17:34:02.0636 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/19 17:34:02.0636 ================================================================================
2010/12/19 17:34:02.0636 SystemInfo:
2010/12/19 17:34:02.0636
2010/12/19 17:34:02.0636 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/19 17:34:02.0636 Product type: Workstation
2010/12/19 17:34:02.0636 ComputerName: KEVIN-SAMSUNG
2010/12/19 17:34:02.0637 UserName: Kevin
2010/12/19 17:34:02.0637 Windows directory: C:\windows
2010/12/19 17:34:02.0637 System windows directory: C:\windows
2010/12/19 17:34:02.0637 Running under WOW64
2010/12/19 17:34:02.0638 Processor architecture: Intel x64
2010/12/19 17:34:02.0638 Number of processors: 4
2010/12/19 17:34:02.0638 Page size: 0x1000
2010/12/19 17:34:02.0638 Boot type: Normal boot
2010/12/19 17:34:02.0638 ================================================================================
2010/12/19 17:34:02.0638 Utility is running under WOW64
2010/12/19 17:34:03.0178 Initialize success
2010/12/19 17:34:17.0348 ================================================================================
2010/12/19 17:34:17.0348 Scan started
2010/12/19 17:34:17.0348 Mode: Manual;
2010/12/19 17:34:17.0348 ================================================================================
2010/12/19 17:34:32.0928 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2010/12/19 17:34:33.0035 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2010/12/19 17:34:33.0144 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2010/12/19 17:34:33.0237 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2010/12/19 17:34:33.0337 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2010/12/19 17:34:33.0443 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2010/12/19 17:34:33.0543 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2010/12/19 17:34:33.0633 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2010/12/19 17:34:33.0747 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2010/12/19 17:34:33.0841 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2010/12/19 17:34:33.0950 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2010/12/19 17:34:34.0058 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2010/12/19 17:34:34.0154 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2010/12/19 17:34:34.0260 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2010/12/19 17:34:34.0355 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2010/12/19 17:34:34.0445 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2010/12/19 17:34:34.0592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2010/12/19 17:34:34.0753 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2010/12/19 17:34:34.0862 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2010/12/19 17:34:34.0960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2010/12/19 17:34:35.0066 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
2010/12/19 17:34:35.0160 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2010/12/19 17:34:35.0265 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2010/12/19 17:34:35.0376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2010/12/19 17:34:35.0475 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2010/12/19 17:34:35.0602 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2010/12/19 17:34:35.0801 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2010/12/19 17:34:35.0909 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2010/12/19 17:34:36.0048 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
2010/12/19 17:34:36.0177 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\windows\system32\DRIVERS\NuidFltr.sys
2010/12/19 17:34:36.0287 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2010/12/19 17:34:36.0392 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\windows\system32\drivers\nvhda64v.sys
2010/12/19 17:34:36.0803 nvlddmkm (1e5312e8dc483867efb854935c7aca65) C:\windows\system32\DRIVERS\nvlddmkm.sys
2010/12/19 17:34:37.0210 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
2010/12/19 17:34:37.0324 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
2010/12/19 17:34:37.0437 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2010/12/19 17:34:37.0543 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2010/12/19 17:34:37.0678 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2010/12/19 17:34:37.0773 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2010/12/19 17:34:37.0884 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\windows\system32\DRIVERS\pccsmcfdx64.sys
2010/12/19 17:34:37.0987 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2010/12/19 17:34:38.0079 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2010/12/19 17:34:38.0176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2010/12/19 17:34:38.0282 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2010/12/19 17:34:38.0407 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2010/12/19 17:34:38.0570 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2010/12/19 17:34:38.0672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2010/12/19 17:34:38.0781 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2010/12/19 17:34:38.0910 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\windows\system32\drivers\pxkbf.sys
2010/12/19 17:34:39.0027 pxrts (007e57428802f587d0d6737ae7a9d989) C:\windows\system32\drivers\pxrts.sys
2010/12/19 17:34:39.0126 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\windows\system32\drivers\pxscan.sys
2010/12/19 17:34:39.0254 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2010/12/19 17:34:39.0388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2010/12/19 17:34:39.0493 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2010/12/19 17:34:39.0588 RapportKE64 (d028cc0f596496c125960af6ee5eccbd) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
2010/12/19 17:34:39.0700 RapportPG64 (3e089efd382ded78c0d0365f16c2be06) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
2010/12/19 17:34:39.0781 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2010/12/19 17:34:39.0876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2010/12/19 17:34:39.0982 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2010/12/19 17:34:40.0096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2010/12/19 17:34:40.0202 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2010/12/19 17:34:40.0322 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2010/12/19 17:34:40.0442 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2010/12/19 17:34:40.0552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2010/12/19 17:34:40.0672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2010/12/19 17:34:40.0782 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2010/12/19 17:34:40.0882 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2010/12/19 17:34:41.0012 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2010/12/19 17:34:41.0167 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
2010/12/19 17:34:41.0295 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2010/12/19 17:34:41.0426 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
2010/12/19 17:34:41.0552 rtl819xpn64 (2362226743449c713e1cd3210595f9ab) C:\windows\system32\DRIVERS\rtl819xp.sys
2010/12/19 17:34:41.0665 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
2010/12/19 17:34:41.0775 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
2010/12/19 17:34:41.0908 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2010/12/19 17:34:42.0026 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2010/12/19 17:34:42.0155 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2010/12/19 17:34:42.0265 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2010/12/19 17:34:42.0356 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2010/12/19 17:34:42.0487 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
2010/12/19 17:34:42.0588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
2010/12/19 17:34:42.0695 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
2010/12/19 17:34:42.0811 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2010/12/19 17:34:42.0950 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2010/12/19 17:34:43.0062 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2010/12/19 17:34:43.0187 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2010/12/19 17:34:43.0331 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2010/12/19 17:34:43.0465 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
2010/12/19 17:34:43.0589 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
2010/12/19 17:34:43.0706 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
2010/12/19 17:34:43.0847 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2010/12/19 17:34:43.0959 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2010/12/19 17:34:44.0073 SynTP (2f827bb08cc7f1a17df2ead7b424d731) C:\windows\system32\DRIVERS\SynTP.sys
2010/12/19 17:34:44.0182 synusb64 (bcb6aa197267d3506be2535342fc40e0) C:\windows\system32\DRIVERS\synusb64.sys
2010/12/19 17:34:44.0362 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
2010/12/19 17:34:44.0540 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
2010/12/19 17:34:44.0661 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2010/12/19 17:34:44.0783 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2010/12/19 17:34:44.0889 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2010/12/19 17:34:45.0007 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2010/12/19 17:34:45.0123 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2010/12/19 17:34:45.0260 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2010/12/19 17:34:45.0381 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2010/12/19 17:34:45.0482 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2010/12/19 17:34:45.0580 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys
2010/12/19 17:34:45.0687 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2010/12/19 17:34:45.0797 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2010/12/19 17:34:45.0887 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2010/12/19 17:34:45.0987 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
2010/12/19 17:34:46.0107 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2010/12/19 17:34:46.0261 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
2010/12/19 17:34:46.0399 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
2010/12/19 17:34:46.0509 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2010/12/19 17:34:46.0632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2010/12/19 17:34:46.0733 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2010/12/19 17:34:46.0828 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2010/12/19 17:34:46.0941 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
2010/12/19 17:34:47.0066 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
2010/12/19 17:34:47.0188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2010/12/19 17:34:47.0303 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2010/12/19 17:34:47.0408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2010/12/19 17:34:47.0510 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2010/12/19 17:34:47.0618 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2010/12/19 17:34:47.0728 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2010/12/19 17:34:47.0832 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2010/12/19 17:34:47.0953 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2010/12/19 17:34:48.0074 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2010/12/19 17:34:48.0183 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2010/12/19 17:34:48.0310 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2010/12/19 17:34:48.0429 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
2010/12/19 17:34:48.0576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2010/12/19 17:34:48.0676 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2010/12/19 17:34:48.0689 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2010/12/19 17:34:48.0835 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2010/12/19 17:34:48.0939 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2010/12/19 17:34:49.0060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2010/12/19 17:34:49.0163 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2010/12/19 17:34:49.0313 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
2010/12/19 17:34:49.0443 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2010/12/19 17:34:49.0583 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2010/12/19 17:34:49.0704 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2010/12/19 17:34:49.0815 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2010/12/19 17:34:49.0943 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys
2010/12/19 17:34:50.0280 ================================================================================
2010/12/19 17:34:50.0280 Scan finished
2010/12/19 17:34:50.0280 ================================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:48 PM

Posted 19 December 2010 - 04:54 PM

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#7 Firthy

Firthy
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:04:48 PM

Posted 20 December 2010 - 05:26 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R780/R778
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):
0x0365F000 \SystemRoot\system32\ntoskrnl.exe
0x03616000 \SystemRoot\system32\hal.dll
0x00BB4000 \SystemRoot\system32\kdcom.dll
0x00C35000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C79000 \SystemRoot\system32\PSHED.dll
0x00C8D000 \SystemRoot\system32\CLFS.SYS
0x00CEB000 \SystemRoot\system32\CI.dll
0x00E39000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EDD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EEC000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F43000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F4C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F56000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F89000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F96000 \SystemRoot\System32\drivers\partmgr.sys
0x00FAB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FB4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FC0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x0102F000 \SystemRoot\System32\drivers\volmgrx.sys
0x0108B000 \SystemRoot\System32\drivers\mountmgr.sys
0x010A5000 \SystemRoot\System32\drivers\pxscan.sys
0x01262000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0146A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01473000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0149D000 \SystemRoot\system32\DRIVERS\msahci.sys
0x014A8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x014B8000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x014C3000 \SystemRoot\system32\drivers\fltmgr.sys
0x0150F000 \SystemRoot\system32\drivers\fileinfo.sys
0x01619000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01523000 \SystemRoot\System32\Drivers\msrpc.sys
0x017BC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01581000 \SystemRoot\System32\Drivers\cng.sys
0x017D6000 \SystemRoot\System32\drivers\pcw.sys
0x017E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x010B1000 \SystemRoot\system32\drivers\ndis.sys
0x01200000 \SystemRoot\system32\drivers\NETIO.SYS
0x011A3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x00DAB000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017F1000 \SystemRoot\System32\Drivers\spldr.sys
0x01871000 \SystemRoot\System32\drivers\rdyboost.sys
0x018AB000 \SystemRoot\System32\Drivers\mup.sys
0x018BD000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018C6000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01900000 \SystemRoot\system32\DRIVERS\disk.sys
0x01916000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0427F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x042A9000 \SystemRoot\System32\drivers\pxrts.sys
0x042C1000 \SystemRoot\System32\drivers\TDI.SYS
0x042CE000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x042E0000 \SystemRoot\System32\Drivers\Null.SYS
0x042E9000 \SystemRoot\System32\Drivers\Beep.SYS
0x042F0000 \SystemRoot\System32\drivers\vga.sys
0x042FE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04323000 \SystemRoot\System32\drivers\watchdog.sys
0x04333000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0433C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04345000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0434E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04359000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03A03000 \SystemRoot\System32\drivers\tcpip.sys
0x0436A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x043B4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x043D2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x01954000 \SystemRoot\system32\drivers\afd.sys
0x043E2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04000000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04045000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01800000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0404E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043EC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01826000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01841000 \SystemRoot\system32\DRIVERS\termdd.sys
0x01855000 \??\C:\windows\system32\Drivers\SABI.sys
0x04406000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04457000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x0446A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04476000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x04481000 \SystemRoot\System32\drivers\discache.sys
0x04490000 \SystemRoot\System32\Drivers\dfsc.sys
0x044AE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x044BF000 \SystemRoot\System32\Drivers\aswSP.SYS
0x044E2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x048A1000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x053CC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04508000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04846000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0486A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05693000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x056E9000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x05790000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05600000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x05665000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05683000 \SystemRoot\System32\drivers\pxkbf.sys
0x0579D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x057AC000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x057F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0487B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0488A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x057FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x053CE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x053E4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x019DE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x011CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x053F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00FD5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0568C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0580C000 \SystemRoot\system32\DRIVERS\ks.sys
0x0584F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05861000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x058BB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x058D0000 \SystemRoot\system32\drivers\nvhda64v.sys
0x058E8000 \SystemRoot\system32\drivers\portcls.sys
0x05925000 \SystemRoot\system32\drivers\drmk.sys
0x05947000 \SystemRoot\system32\drivers\ksthunk.sys
0x05C66000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05E84000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04064000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05E92000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05EA5000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05EB1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05EBA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05EC8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05EE1000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x05EEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x05EF7000 \SystemRoot\System32\drivers\Dxapi.sys
0x05F03000 \SystemRoot\system32\drivers\btusbflt.sys
0x05F13000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x05F2B000 \SystemRoot\System32\Drivers\bthport.sys
0x05FB7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05FC5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05C00000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05C2E000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x05FE2000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x0594D000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x0596D000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x05984000 \SystemRoot\system32\drivers\modem.sys
0x0261A000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x02695000 \SystemRoot\system32\drivers\btwaudio.sys
0x0271B000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x02727000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x00530000 \SystemRoot\System32\TSDDD.dll
0x00780000 \SystemRoot\System32\cdd.dll
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x0272B000 \SystemRoot\system32\drivers\luafv.sys
0x0274E000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x02788000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x02791000 \SystemRoot\system32\drivers\WudfPf.sys
0x027B2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05993000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x027C7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x027DA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x027F2000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x066AA000 \SystemRoot\system32\drivers\HTTP.sys
0x06772000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06790000 \SystemRoot\System32\drivers\mpsdrv.sys
0x067A8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0664E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06CD1000 \SystemRoot\system32\drivers\peauth.sys
0x06D77000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06D82000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06DAF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x072E1000 \SystemRoot\System32\DRIVERS\srv.sys
0x073E8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77260000 \Windows\System32\ntdll.dll
0x477E0000 \Windows\System32\smss.exe
0xFF580000 \Windows\System32\apisetschema.dll
0xFF430000 \Windows\System32\autochk.exe
0xFF560000 \Windows\System32\nsi.dll
0xFF4C0000 \Windows\System32\msvcrt.dll
0xFF260000 \Windows\System32\iertutil.dll
0xFF1E0000 \Windows\System32\shlwapi.dll
0xFF140000 \Windows\System32\comdlg32.dll
0x77140000 \Windows\System32\kernel32.dll
0xFEFC0000 \Windows\System32\urlmon.dll
0x77040000 \Windows\System32\user32.dll
0xFEE90000 \Windows\System32\rpcrt4.dll
0xFEE70000 \Windows\System32\sechost.dll
0xFEE20000 \Windows\System32\Wldap32.dll
0xFED50000 \Windows\System32\usp10.dll
0xFEC70000 \Windows\System32\advapi32.dll
0xFEB90000 \Windows\System32\oleaut32.dll
0xFE980000 \Windows\System32\ole32.dll
0x77430000 \Windows\System32\psapi.dll
0xFE870000 \Windows\System32\msctf.dll
0xFE840000 \Windows\System32\imm32.dll
0xFE820000 \Windows\System32\imagehlp.dll
0xFDA90000 \Windows\System32\shell32.dll

Processes (total 91):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
516 csrss.exe
592 C:\Windows\System32\wininit.exe
620 csrss.exe
656 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\nvvsvc.exe
912 C:\Windows\System32\svchost.exe
972 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
124 C:\Windows\System32\winlogon.exe
528 C:\Windows\System32\svchost.exe
396 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1264 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1288 C:\Windows\System32\nvvsvc.exe
1616 C:\Windows\System32\spoolsv.exe
1652 C:\Windows\System32\svchost.exe
1748 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1780 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1800 C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
1824 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1880 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
1932 C:\Program Files\Prevx\prevx.exe
1964 C:\Windows\System32\svchost.exe
1396 C:\Windows\SysWOW64\Rezip.exe
1836 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2096 C:\Windows\System32\svchost.exe
2136 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2300 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2332 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2764 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
2816 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\svchost.exe
3672 C:\Windows\System32\svchost.exe
3820 C:\Program Files\Windows Media Player\wmpnetwk.exe
3852 C:\Windows\System32\SearchIndexer.exe
2208 C:\Windows\System32\taskhost.exe
3096 C:\Windows\System32\dwm.exe
2904 C:\Windows\explorer.exe
1896 C:\Windows\System32\taskeng.exe
3280 C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
924 C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
3696 C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
2220 C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
4032 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4044 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1304 C:\Windows\WindowsMobile\wmdc.exe
736 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
744 C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
3556 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
324 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
392 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2684 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
3548 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
2784 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4100 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
4164 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4256 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
4272 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4388 C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
4408 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4516 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4652 C:\Program Files\Prevx\prevx.exe
4676 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
4744 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
4204 C:\Windows\System32\svchost.exe
5052 C:\Program Files\iPod\bin\iPodService.exe
292 C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
3512 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
4776 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
5144 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
5912 dllhost.exe
6784 C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
6984 C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
7024 C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe
5892 C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
5316 C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
3992 C:\Windows\splwow64.exe
6472 C:\Windows\System32\SearchProtocolHost.exe
6416 C:\Windows\System32\SearchFilterHost.exe
332 C:\Windows\System32\audiodg.exe
6720 dllhost.exe
4208 dllhost.exe
5564 C:\Users\Kevin\Downloads\MBRCheck.exe
6152 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000031`f7a00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001A

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:48 PM

Posted 20 December 2010 - 07:15 PM

Ah, there it is. The MBR has been rewritten.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR. If you do not have a Vista recovery disk then please burn one as shown here.


Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you, enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter the correct number for your operating system, and then press Enter.
  • When asked "Do you want to fix the MBR code?", type in YES and press Enter
  • Restart your PC.
After you restart the PC
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread

m0le is a proud member of UNITE
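The MBRCheck output above flags the disk as "Unknown MBR code" and prints a SHA1 of the sector, and m0le's instructions then rewrite the boot code. The following is an added example (not MBRCheck's code, and not part of this thread) showing how such a check works in principle: read a 512-byte MBR, validate its structure (0x55AA boot signature, sane partition entries, no overlaps), and compare a hash of the boot-code bytes against an allowlist of known-good code. It assumes the fingerprint covers only bytes 0..439 (the boot code), so that the disk signature and partition table do not change it; whether MBRCheck hashes exactly that range is an assumption. The boot code, disk size, partition layout and allowlist are all constructed sample data, not values from the logs above.

```python
"""Sanity-check a 512-byte MBR and fingerprint its boot code (added example)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Set, Tuple

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: the boot code we fingerprint
DISK_SIG_OFFSET = 440         # 4-byte Windows disk signature (2 reserved bytes follow)
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
PART_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA, count


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(sector: bytes) -> List[Partition]:
    """Decode the four primary partition slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def validate_mbr(sector: bytes, disk_sectors: int) -> List[str]:
    """Return the structural problems found in the sector; an empty list means it looks sane."""
    if len(sector) != SECTOR_SIZE:
        return [f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}"]
    problems = []
    if sector[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    bootable = 0
    ranges: List[Tuple[int, int, int]] = []   # (start, end, slot index)
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if status not in (0x00, 0x80):
            problems.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if ptype == 0:
            continue
        if status == 0x80:
            bootable += 1
        if count == 0 or lba + count > disk_sectors:
            problems.append(f"partition {i}: empty or extends beyond the disk")
        ranges.append((lba, lba + count, i))
    if bootable > 1:
        problems.append("more than one partition flagged bootable")
    ranges.sort()
    for (_, end_a, a), (start_b, _, b) in zip(ranges, ranges[1:]):
        if start_b < end_a:
            problems.append(f"partitions {a} and {b} overlap")
    return problems


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 of the boot-code bytes only (assumption: the disk signature and table are excluded)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(sector: bytes, disk_sectors: int, known_good: Set[str]) -> str:
    """'invalid' (structure broken), 'known' (boot code on the allowlist) or 'unknown' (non-standard code)."""
    if validate_mbr(sector, disk_sectors):
        return "invalid"
    return "known" if boot_code_sha1(sector) in known_good else "unknown"


def build_mbr(boot_code: bytes, disk_sig: int, partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a sector from constructed parts: boot code, disk signature, (status, type, lba, count) entries."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for i, entry in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-in for "standard" boot code (a real allowlist would hold hashes of the vendor's
# MBR code): the first bytes mimic a typical x86 MBR prologue, the rest is NOP padding.
GOOD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4").ljust(BOOT_CODE_LEN, b"\x90")
KNOWN_GOOD_SHA1 = {hashlib.sha1(GOOD_BOOT_CODE).hexdigest().upper()}
DISK_SECTORS = 976_773_168  # constructed: a 500 GB (465 GiB) disk

# Constructed Windows 7 style layout: a small bootable system partition, then the OS partition.
LAYOUT = [(0x80, 0x07, 2048, 204_800), (0x00, 0x07, 206_848, DISK_SECTORS - 206_848)]
CLEAN_MBR = build_mbr(GOOD_BOOT_CODE, 0x1234ABCD, LAYOUT)

# Boot code altered in place with the partition table untouched: the case the "Unknown MBR code" verdict catches.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + GOOD_BOOT_CODE[2:], 0x1234ABCD, LAYOUT)

# Structurally broken: overlapping partitions and no boot signature.
_broken = bytearray(build_mbr(GOOD_BOOT_CODE, 0, [(0x80, 0x07, 2048, 4096), (0x00, 0x07, 4000, 4096)]))
_broken[510:512] = b"\x00\x00"
BROKEN_MBR = bytes(_broken)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("broken", BROKEN_MBR)):
        print(f"{name:9} SHA1={boot_code_sha1(sector)} -> {classify_mbr(sector, DISK_SECTORS, KNOWN_GOOD_SHA1)}")
        for problem in validate_mbr(sector, DISK_SECTORS):
            print("   ", problem)
```

On a live system the 512 bytes would come from the raw physical drive (for example `\\.\PhysicalDrive0`, as MBRCheck names it), and the allowlist would hold the hashes of the boot code your OS versions actually ship; a hash miss means only that the code is not one you recognise, which is why MBRCheck reports "Unknown MBR code" rather than naming an infection.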

#9 Firthy

Firthy
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 21 December 2010 - 04:53 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R780/R778
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 210):
0x03804000 \SystemRoot\system32\ntoskrnl.exe
0x03DE0000 \SystemRoot\system32\hal.dll
0x00B96000 \SystemRoot\system32\kdcom.dll
0x00C13000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C57000 \SystemRoot\system32\PSHED.dll
0x00C6B000 \SystemRoot\system32\CLFS.SYS
0x00CC9000 \SystemRoot\system32\CI.dll
0x00E5E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F02000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F11000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F68000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F71000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F7B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FAE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FBB000 \SystemRoot\System32\drivers\partmgr.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FD9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FE5000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00D89000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DA3000 \SystemRoot\System32\drivers\pxscan.sys
0x010F6000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012FE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01307000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01331000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0133C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x0134C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01357000 \SystemRoot\system32\drivers\fltmgr.sys
0x013A3000 \SystemRoot\system32\drivers\fileinfo.sys
0x01426000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x015C9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0105E000 \SystemRoot\System32\Drivers\cng.sys
0x015E3000 \SystemRoot\System32\drivers\pcw.sys
0x015F4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C1000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x017B3000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
0x013B7000 \SystemRoot\System32\drivers\rdyboost.sys
0x01693000 \SystemRoot\System32\Drivers\mup.sys
0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00DAF000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x0181A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04039000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04063000 \SystemRoot\System32\drivers\pxrts.sys
0x0407B000 \SystemRoot\System32\drivers\TDI.SYS
0x04088000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x0409A000 \SystemRoot\System32\Drivers\Null.SYS
0x040A3000 \SystemRoot\System32\Drivers\Beep.SYS
0x040AA000 \SystemRoot\System32\drivers\vga.sys
0x040B8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x040DD000 \SystemRoot\System32\drivers\watchdog.sys
0x040ED000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x040F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x040FF000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04108000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04113000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C00000 \SystemRoot\System32\drivers\tcpip.sys
0x04124000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0416E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0418C000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x01858000 \SystemRoot\system32\drivers\afd.sys
0x0419C000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x041A6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x041EB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x018E2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03E00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x01908000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01917000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01932000 \SystemRoot\system32\DRIVERS\termdd.sys
0x041F4000 \??\C:\windows\system32\Drivers\SABI.sys
0x01946000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01997000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x019AA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x019B6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x019C1000 \SystemRoot\System32\drivers\discache.sys
0x019D0000 \SystemRoot\System32\Drivers\dfsc.sys
0x019EE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x010D1000 \SystemRoot\System32\Drivers\aswSP.SYS
0x042FB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04820000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0534B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04200000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0534D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05393000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x053B7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04321000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04466000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x0450D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0451A000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0457F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0459D000 \SystemRoot\System32\drivers\pxkbf.sys
0x045A6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04400000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0444D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0444F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x045B5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x045C2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x045C7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x045DD000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x053C8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04377000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x045ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0439B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x053DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x043CA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04800000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x045F9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0569B000 \SystemRoot\system32\DRIVERS\ks.sys
0x056DE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x056F0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0574A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0575F000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05777000 \SystemRoot\system32\drivers\portcls.sys
0x057B4000 \SystemRoot\system32\drivers\drmk.sys
0x057D6000 \SystemRoot\system32\drivers\ksthunk.sys
0x05AF9000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x05D17000 \SystemRoot\System32\drivers\Dxapi.sys
0x05D23000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05D31000 \SystemRoot\system32\DRIVERS\monitor.sys
0x03E16000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05D3F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05D52000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05D5E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05D67000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05D75000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05D8E000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x05D97000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x006B0000 \SystemRoot\System32\cdd.dll
0x05DA4000 \SystemRoot\system32\drivers\btusbflt.sys
0x05DB4000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x05A00000 \SystemRoot\System32\Drivers\bthport.sys
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x05A8C000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x05AB8000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x05AC8000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x05DCC000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x05DE3000 \SystemRoot\system32\drivers\modem.sys
0x05600000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x0388D000 \SystemRoot\system32\drivers\btwaudio.sys
0x03913000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x0391F000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x03923000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03940000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0396E000 \SystemRoot\system32\drivers\luafv.sys
0x03991000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x039CB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x039D4000 \SystemRoot\system32\drivers\WudfPf.sys
0x03800000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03815000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03868000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0567B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0387B000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x072AD000 \SystemRoot\system32\drivers\HTTP.sys
0x07375000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07393000 \SystemRoot\System32\drivers\mpsdrv.sys
0x073AB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07200000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0724E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x07887000 \SystemRoot\system32\drivers\peauth.sys
0x0792D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07938000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07965000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07977000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07AB7000 \SystemRoot\System32\DRIVERS\srv.sys
0x07B4D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76D00000 \Windows\System32\ntdll.dll
0x48190000 \Windows\System32\smss.exe
0xFF020000 \Windows\System32\apisetschema.dll
0xFF110000 \Windows\System32\autochk.exe
0xFE280000 \Windows\System32\shell32.dll
0x76ED0000 \Windows\System32\psapi.dll
0xFE100000 \Windows\System32\urlmon.dll
0xFE060000 \Windows\System32\msvcrt.dll
0xFDFC0000 \Windows\System32\comdlg32.dll
0xFDF40000 \Windows\System32\shlwapi.dll
0xFDF10000 \Windows\System32\imm32.dll
0xFDEC0000 \Windows\System32\Wldap32.dll
0xFDEB0000 \Windows\System32\nsi.dll
0xFDC50000 \Windows\System32\iertutil.dll
0xFDB70000 \Windows\System32\advapi32.dll
0xFDAF0000 \Windows\System32\difxapi.dll
0x76EC0000 \Windows\System32\normaliz.dll
0xFDAE0000 \Windows\System32\lpk.dll
0xFDA00000 \Windows\System32\oleaut32.dll
0xFD8F0000 \Windows\System32\msctf.dll
0xFD7C0000 \Windows\System32\rpcrt4.dll
0xFD7A0000 \Windows\System32\sechost.dll
0xFD5C0000 \Windows\System32\setupapi.dll
0xFD520000 \Windows\System32\clbcatq.dll
0xFD4D0000 \Windows\System32\ws2_32.dll
0xFD400000 \Windows\System32\usp10.dll
0xFD1F0000 \Windows\System32\ole32.dll
0x76C00000 \Windows\System32\user32.dll
0xFD1D0000 \Windows\System32\imagehlp.dll
0xFD160000 \Windows\System32\gdi32.dll
0x76AE0000 \Windows\System32\kernel32.dll
0xFD030000 \Windows\System32\wininet.dll
0xFCFC0000 \Windows\System32\KernelBase.dll
0xFCF20000 \Windows\System32\comctl32.dll
0xFCEE0000 \Windows\System32\wintrust.dll
0xFCEC0000 \Windows\System32\devobj.dll
0xFCE80000 \Windows\System32\cfgmgr32.dll
0xFCD10000 \Windows\System32\crypt32.dll
0xFCD00000 \Windows\System32\msasn1.dll

Processes (total 94):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
512 csrss.exe
580 C:\Windows\System32\wininit.exe
604 csrss.exe
644 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\nvvsvc.exe
912 C:\Windows\System32\svchost.exe
972 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
116 C:\Windows\System32\winlogon.exe
532 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\audiodg.exe
1108 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1268 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1300 C:\Windows\System32\nvvsvc.exe
1612 C:\Windows\System32\spoolsv.exe
1644 C:\Windows\System32\svchost.exe
1752 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1780 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1804 C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
1824 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1848 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
1920 C:\Program Files\Prevx\prevx.exe
1988 C:\Windows\System32\svchost.exe
1520 C:\Windows\SysWOW64\Rezip.exe
1092 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2068 C:\Windows\System32\svchost.exe
2104 C:\Windows\System32\svchost.exe
2148 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2332 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2348 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2624 C:\Windows\System32\taskhost.exe
2700 C:\Windows\System32\dwm.exe
2740 C:\Windows\explorer.exe
2892 C:\Program Files\Prevx\prevx.exe
3080 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3148 C:\Windows\WindowsMobile\wmdc.exe
3160 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3188 C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
3280 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3340 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3552 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
3672 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
3772 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
3872 C:\Windows\System32\svchost.exe
3924 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3952 C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
3964 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3972 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
4060 C:\Program Files (x86)\iTunes\iTunesHelper.exe
524 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3136 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
2832 C:\Windows\System32\svchost.exe
3116 C:\Windows\System32\svchost.exe
2732 C:\Windows\System32\taskeng.exe
3768 C:\Windows\System32\taskeng.exe
404 C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
3740 C:\Windows\System32\SearchIndexer.exe
1916 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
3496 C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
3472 C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
2772 C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
4280 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
4344 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
4484 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
4804 C:\Program Files\iPod\bin\iPodService.exe
5092 C:\Program Files\Windows Media Player\wmpnetwk.exe
2692 C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
4608 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
904 C:\Windows\System32\VSSVC.exe
4916 C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
1888 WmiPrvSE.exe
4656 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
4072 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
5124 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
5188 C:\Windows\System32\svchost.exe
5352 WmiPrvSE.exe
5808 C:\Windows\System32\SearchProtocolHost.exe
5828 C:\Windows\System32\SearchFilterHost.exe
5908 C:\Windows\System32\svchost.exe
3704 dllhost.exe
5556 C:\Windows\splwow64.exe
5060 dllhost.exe
1956 dllhost.exe
4596 C:\Users\Kevin\Desktop\MBRCheck.exe
4008 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000031`f7a00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001A

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:48 PM

Posted 21 December 2010 - 11:44 AM

It failed. It does sometimes.

1. Put the Windows 7 installation disc in the disc drive, and then start the computer.
2. Press a key when you are prompted.
3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec.exe, and then press ENTER.
8. Type Bootrec.exe /FixMbr

Now exit the system recovery, reboot and rerun the MBRCheck program and post the log.
m0le is a proud member of UNITE

#11 Firthy

Firthy
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 21 December 2010 - 02:01 PM

My PC came with Windows 7 installed, but can I use any Windows CD, as my wife has a copy, although it's a different edition?

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:48 PM

Posted 21 December 2010 - 03:06 PM

No disk is not helpful, and you can't use your wife's different version. Try this fix which burns a disk to boot with.
  • Download NTBR_CD by noahdfear to the desktop.
  • Click on the NTBR_CD.exe to extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 1 to select MBRWORK then hit Enter

    This screen will show the hard drive configuration.
    Posted Image
  • Type 5 to Install standard MBR code then hit Enter
  • Type 1 to select Standard then hit Enter
  • Type Y then hit Enter to confirm
  • Type E then hit Enter to exit
  • Back at the menu, type 6 to Quit.
  • Press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.
Then rerun MBRCheck and post the log.
m0le is a proud member of UNITE

#13 Firthy

Firthy
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:48 PM

Posted 21 December 2010 - 03:11 PM

OK, managed to make a recovery disk from my PC in the end.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R780/R778
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 210):
0x0385F000 \SystemRoot\system32\ntoskrnl.exe
0x03816000 \SystemRoot\system32\hal.dll
0x00BC6000 \SystemRoot\system32\kdcom.dll
0x00CC3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D07000 \SystemRoot\system32\PSHED.dll
0x00D1B000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EB4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F58000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F67000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FBE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D79000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E99000 \SystemRoot\System32\drivers\pxscan.sys
0x010ED000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012F5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012FE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01328000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01333000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01343000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0134E000 \SystemRoot\system32\drivers\fltmgr.sys
0x0139A000 \SystemRoot\system32\drivers\fileinfo.sys
0x01458000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0105E000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01603000 \SystemRoot\system32\drivers\ndis.sys
0x016F5000 \SystemRoot\system32\drivers\NETIO.SYS
0x01755000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01780000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017CC000 \SystemRoot\System32\Drivers\spldr.sys
0x013AE000 \SystemRoot\System32\drivers\rdyboost.sys
0x017D4000 \SystemRoot\System32\Drivers\mup.sys
0x017E6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01882000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018BC000 \SystemRoot\system32\DRIVERS\disk.sys
0x018D2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x040DD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04107000 \SystemRoot\System32\drivers\pxrts.sys
0x0411F000 \SystemRoot\System32\drivers\TDI.SYS
0x0412C000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys
0x0413E000 \SystemRoot\System32\Drivers\Null.SYS
0x04147000 \SystemRoot\System32\Drivers\Beep.SYS
0x0414E000 \SystemRoot\System32\drivers\vga.sys
0x0415C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04181000 \SystemRoot\System32\drivers\watchdog.sys
0x04191000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0419A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x041A3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x041AC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x041B7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C01000 \SystemRoot\System32\drivers\tcpip.sys
0x03E00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03E4A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03E68000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x01910000 \SystemRoot\system32\drivers\afd.sys
0x03E78000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x0199A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03E82000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03E8B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x041C8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x041DE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x019DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01800000 \SystemRoot\system32\DRIVERS\termdd.sys
0x041ED000 \??\C:\windows\system32\Drivers\SABI.sys
0x01814000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01865000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys
0x03EB1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x017EF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01435000 \SystemRoot\System32\drivers\discache.sys
0x00FD1000 \SystemRoot\System32\Drivers\dfsc.sys
0x01444000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00DD5000 \SystemRoot\System32\Drivers\aswSP.SYS
0x042FA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0483C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05367000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04200000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05369000 \SystemRoot\System32\drivers\dxgmms1.sys
0x053AF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x053D3000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04320000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x044DE000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x04585000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04592000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x04400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0441E000 \SystemRoot\System32\drivers\pxkbf.sys
0x04427000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04436000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04483000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04485000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04494000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x044A1000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x044A6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x044BC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x053E4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x044CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04376000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043A5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x043C0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x043E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x044D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x056E3000 \SystemRoot\system32\DRIVERS\ks.sys
0x05726000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05738000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05792000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x057A7000 \SystemRoot\system32\drivers\nvhda64v.sys
0x057BF000 \SystemRoot\system32\drivers\portcls.sys
0x05600000 \SystemRoot\system32\drivers\drmk.sys
0x05622000 \SystemRoot\system32\drivers\ksthunk.sys
0x05C9D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x05EBB000 \SystemRoot\System32\drivers\Dxapi.sys
0x05EC7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05ED5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x03EBD000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05EE3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05EF6000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05F02000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05F0B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05F19000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05F32000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x05F3B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00510000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x05F48000 \SystemRoot\system32\drivers\btusbflt.sys
0x05F58000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x05F70000 \SystemRoot\System32\Drivers\bthport.sys
0x00910000 \SystemRoot\System32\ATMFD.DLL
0x05C00000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x05C2C000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x05C3C000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x05C5C000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x05C73000 \SystemRoot\system32\drivers\modem.sys
0x05628000 \SystemRoot\system32\DRIVERS\btwavdt.sys
0x038DE000 \SystemRoot\system32\drivers\btwaudio.sys
0x03964000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x03970000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x03974000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03991000 \SystemRoot\System32\Drivers\usbvideo.sys
0x039BF000 \SystemRoot\system32\drivers\luafv.sys
0x03800000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x0383A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x03843000 \SystemRoot\system32\drivers\WudfPf.sys
0x03864000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03879000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x039E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05C82000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x039F5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x064BE000 \SystemRoot\system32\drivers\HTTP.sys
0x06586000 \SystemRoot\system32\DRIVERS\bowser.sys
0x065A4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x065BC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0644E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06A44000 \SystemRoot\system32\drivers\peauth.sys
0x06AEA000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06AF5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06B22000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06B34000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07290000 \SystemRoot\System32\DRIVERS\srv.sys
0x77220000 \Windows\System32\ntdll.dll
0x47AD0000 \Windows\System32\smss.exe
0xFF540000 \Windows\System32\apisetschema.dll
0xFFC80000 \Windows\System32\autochk.exe
0xFF320000 \Windows\System32\ole32.dll
0xFF210000 \Windows\System32\msctf.dll
0xFF200000 \Windows\System32\lpk.dll
0xFEFA0000 \Windows\System32\iertutil.dll
0xFEF00000 \Windows\System32\clbcatq.dll
0xFEDD0000 \Windows\System32\rpcrt4.dll
0xFEDC0000 \Windows\System32\nsi.dll
0xFED20000 \Windows\System32\msvcrt.dll
0xFEBF0000 \Windows\System32\wininet.dll
0xFEBA0000 \Windows\System32\ws2_32.dll
0x77120000 \Windows\System32\user32.dll
0xFEB20000 \Windows\System32\shlwapi.dll
0xFEB00000 \Windows\System32\sechost.dll
0xFDD70000 \Windows\System32\shell32.dll
0xFDD40000 \Windows\System32\imm32.dll
0xFDD20000 \Windows\System32\imagehlp.dll
0x773F0000 \Windows\System32\normaliz.dll
0xFDC50000 \Windows\System32\usp10.dll
0xFDAD0000 \Windows\System32\urlmon.dll
0x77000000 \Windows\System32\kernel32.dll
0xFD9F0000 \Windows\System32\advapi32.dll
0xFD970000 \Windows\System32\difxapi.dll
0xFD890000 \Windows\System32\oleaut32.dll
0xFD840000 \Windows\System32\Wldap32.dll
0xFD7A0000 \Windows\System32\comdlg32.dll
0xFD5C0000 \Windows\System32\setupapi.dll
0xFD550000 \Windows\System32\gdi32.dll
0x773E0000 \Windows\System32\psapi.dll
0xFD510000 \Windows\System32\wintrust.dll
0xFD470000 \Windows\System32\comctl32.dll
0xFD400000 \Windows\System32\KernelBase.dll
0xFD290000 \Windows\System32\crypt32.dll
0xFD250000 \Windows\System32\cfgmgr32.dll
0xFD230000 \Windows\System32\devobj.dll
0xFD220000 \Windows\System32\msasn1.dll
0x764C0000 \Windows\SysWOW64\normaliz.dll

Processes (total 87):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
512 csrss.exe
580 C:\Windows\System32\wininit.exe
600 csrss.exe
636 C:\Windows\System32\services.exe
664 C:\Windows\System32\lsass.exe
672 C:\Windows\System32\lsm.exe
768 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
964 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1016 C:\Windows\System32\winlogon.exe
528 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\svchost.exe
588 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\audiodg.exe
1112 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\nvvsvc.exe
1300 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1632 C:\Windows\System32\spoolsv.exe
1664 C:\Windows\System32\svchost.exe
1772 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1804 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1824 C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
1848 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1880 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteService.exe
1972 C:\Program Files\Prevx\prevx.exe
2004 C:\Windows\System32\svchost.exe
1520 C:\Windows\SysWOW64\Rezip.exe
1156 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2068 C:\Windows\System32\svchost.exe
2112 C:\Windows\System32\svchost.exe
2144 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2340 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2360 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2528 C:\Windows\System32\taskhost.exe
2632 C:\Windows\System32\dwm.exe
2660 C:\Program Files\Prevx\prevx.exe
2716 C:\Windows\explorer.exe
3148 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
3196 C:\Windows\System32\svchost.exe
3240 C:\Windows\System32\svchost.exe
3312 C:\Windows\System32\taskeng.exe
3420 C:\Windows\System32\taskeng.exe
3880 C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
3888 C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
4032 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
4060 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
4076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3580 C:\Windows\System32\SearchIndexer.exe
3772 C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
3652 C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
376 C:\Windows\WindowsMobile\wmdc.exe
3964 C:\Windows\System32\svchost.exe
2464 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4152 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4160 C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
4224 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
4344 C:\Program Files\Windows Media Player\wmpnetwk.exe
4384 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4552 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4656 C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
4692 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
4748 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
5020 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
5028 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
5040 C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
5112 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4132 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
4440 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
4520 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4168 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
4288 C:\Windows\System32\VSSVC.exe
3484 WmiPrvSE.exe
4936 C:\Program Files\iPod\bin\iPodService.exe
4216 C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
1928 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
4360 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
2436 C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
5180 WmiPrvSE.exe
5500 dllhost.exe
5536 dllhost.exe
5568 C:\Users\Kevin\Desktop\MBRCheck.exe
5580 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000031`f7a00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001A

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:04:48 PM

Posted 21 December 2010 - 03:35 PM

Good, that's finally reset that.

Please run ComboFix next.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#15 Firthy

Firthy
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:48 PM

Posted 21 December 2010 - 04:22 PM

ComboFix 10-12-21.01 - Kevin 21/12/2010 21:07:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3950.2100 [GMT 0:00]
Running from: c:\users\Kevin\Desktop\Comfix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\360Rec
c:\users\Kevin\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\install.exe
c:\windows\SysWow64\install.exe
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-21 to 2010-12-21 )))))))))))))))))))))))))))))))
.

2010-12-22 03:22 . 2010-12-22 03:22 -------- d-----w- c:\windows\SysWow64\wbem\it-IT
2010-12-22 03:22 . 2010-12-22 03:22 -------- d-----w- c:\windows\SysWow64\wbem\fr-FR
2010-12-22 03:22 . 2010-12-22 03:22 -------- d-----w- c:\windows\SysWow64\wbem\de-DE
2010-12-22 03:22 . 2010-12-22 03:22 -------- d-----w- c:\windows\system32\wbem\it-IT
2010-12-22 03:22 . 2010-12-22 03:22 -------- d-----w- c:\windows\system32\wbem\fr-FR
2010-12-22 03:22 . 2010-12-22 03:22 -------- d-----w- c:\windows\system32\wbem\de-DE
2010-12-22 03:21 . 2009-06-18 01:15 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-12-22 03:21 . 2009-06-18 01:15 307400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-12-22 03:21 . 2009-06-18 01:15 102600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-12-22 03:21 . 2009-06-18 01:08 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-12-22 03:21 . 2009-04-09 05:23 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-12-21 21:14 . 2010-12-21 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-21 19:52 . 2010-12-21 19:52 -------- dc----w- c:\users\Kevin\AppData\Local\MigWiz
2010-12-21 07:49 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FE471C8-3DAE-44D5-9413-FCE2CE01CAB9}\mpengine.dll
2010-12-17 21:18 . 2010-12-17 21:18 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2010-12-17 13:57 . 2010-12-17 13:58 -------- d-----w- c:\program files\iTunes
2010-12-17 13:57 . 2010-12-17 13:58 -------- d-----w- c:\program files (x86)\iTunes
2010-12-17 13:57 . 2010-12-17 13:57 -------- d-----w- c:\program files\iPod
2010-12-17 13:35 . 2010-12-17 13:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-17 13:35 . 2010-12-17 13:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-17 13:35 . 2010-12-17 13:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-17 13:35 . 2010-12-17 13:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-17 13:35 . 2010-12-17 13:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-17 13:35 . 2010-12-17 13:35 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-17 13:35 . 2010-05-08 10:27 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-17 13:33 . 2010-12-17 13:33 -------- d-----w- c:\program files\Bonjour
2010-12-16 12:54 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 12:54 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-16 12:54 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 12:54 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 12:54 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 12:54 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 12:54 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 12:54 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-12-16 12:54 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-16 12:54 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-16 12:54 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-14 09:28 . 2010-12-16 15:49 -------- d-----w- c:\users\Kevin\AppData\Local\CutePDF Writer
2010-12-14 09:27 . 2009-11-05 07:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2010-12-14 09:27 . 2010-12-14 09:27 -------- d-----w- c:\program files (x86)\Acro Software
2010-12-14 09:25 . 2010-12-14 09:25 -------- d-----w- c:\program files (x86)\GPLGS
2010-12-12 17:29 . 2010-12-12 17:29 -------- d-----w- c:\users\Kevin\DoctorWeb
2010-12-12 09:54 . 2010-12-12 09:54 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2010-12-11 16:56 . 2010-12-11 16:56 65736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-12-11 16:56 . 2010-12-11 16:56 62976 ----a-w- c:\windows\SysWow64\PxSecure.dll
2010-12-11 16:56 . 2010-12-11 16:56 36384 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-12-11 16:56 . 2010-12-11 16:56 24024 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-12-11 16:56 . 2010-12-11 16:56 -------- d-----w- c:\program files\Prevx
2010-12-11 16:55 . 2010-12-21 20:49 -------- d-----w- c:\programdata\PrevxCSI
2010-12-11 11:23 . 2010-12-11 11:23 388096 ----a-r- c:\users\Kevin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-11 11:23 . 2010-12-11 11:23 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-10 08:36 . 2010-12-10 08:36 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes
2010-12-10 08:36 . 2010-12-10 08:36 -------- d-----w- c:\programdata\Malwarebytes
2010-12-10 08:36 . 2010-11-29 17:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-10 08:36 . 2010-12-10 08:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-10 08:36 . 2010-11-29 17:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 08:17 . 2010-12-10 08:17 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-10 08:17 . 2010-12-10 08:17 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-12-10 08:17 . 2010-12-10 08:17 -------- d-----w- c:\programdata\Hitman Pro
2010-12-08 19:18 . 2010-12-08 19:18 -------- d-----w- c:\program files (x86)\Veetle
2010-11-30 16:03 . 2010-11-30 16:03 -------- d-----w- c:\program files\Common Files\Sage SBD
2010-11-30 16:02 . 2010-11-09 20:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-11-30 16:02 . 2010-11-30 16:02 -------- d-----w- c:\program files (x86)\Common Files\Sage Report Designer 2007
2010-11-30 16:02 . 2010-11-30 16:02 -------- d-----w- c:\program files (x86)\Sage Payroll
2010-11-30 16:01 . 2010-11-09 20:03 434688 ------w- c:\windows\SysWow64\acfpdfuiamd64.dll
2010-11-30 16:01 . 2010-11-09 20:03 345088 ------w- c:\windows\SysWow64\acfpdfuiia64.dll
2010-11-30 16:01 . 2010-11-09 20:03 1092096 ------w- c:\windows\SysWow64\acfpdfuia64.dll
2010-11-30 16:01 . 2010-11-09 20:03 921600 ------w- c:\windows\SysWow64\acfpdfuamd64.dll
2010-11-30 16:01 . 2010-11-09 20:03 285492 ------w- c:\windows\SysWow64\acfpdfnt.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-27 15:06 . 2010-09-02 03:02 177200 ----a-w- c:\windows\system32\drivers\BAPIDRV64.SYS
2010-11-27 15:03 . 2010-11-28 11:37 -------- d-----w- c:\program files (x86)\360
2010-11-27 15:00 . 2010-11-28 11:45 -------- d-----w- c:\programdata\PPLive
2010-11-27 15:00 . 2010-09-25 05:44 312768 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.335\ppp.dll
2010-11-27 15:00 . 2010-09-20 05:07 624056 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.335\mframe.dll
2010-11-24 08:00 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-24 08:00 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 16:23 . 2010-05-05 18:26 739328 ----a-w- c:\windows\Payroll for Windows.msi
2010-11-09 20:03 . 2010-05-05 18:26 1806336 ------w- c:\windows\SysWow64\tas_sdk.dll
2010-11-09 20:03 . 2010-05-05 18:26 1691648 ------w- c:\windows\SysWow64\TAS_SDK2.DLL
2010-11-09 20:03 . 2010-05-05 18:26 98304 ------w- c:\windows\SysWow64\SGOEdit.ocx
2010-11-09 20:03 . 2010-05-05 18:26 81920 ------w- c:\windows\SysWow64\sgopopup.ocx
2010-11-09 20:03 . 2010-05-05 18:26 73728 ------w- c:\windows\SysWow64\SGOSize.ocx
2010-11-09 20:03 . 2010-05-05 18:26 49152 ------w- c:\windows\SysWow64\SgStat32.dll
2010-11-09 20:03 . 2010-05-05 18:26 32768 ------w- c:\windows\SysWow64\sgConnStatus.ocx
2010-11-09 20:03 . 2010-05-05 18:26 217088 ------w- c:\windows\SysWow64\SGOList.ocx
2010-11-09 20:03 . 2010-05-05 18:26 200704 ------w- c:\windows\SysWow64\SGTBar32.dll
2010-11-09 20:03 . 2010-05-05 18:26 118784 ------w- c:\windows\SysWow64\SGOTBar.ocx
2010-11-09 20:03 . 2010-05-05 18:26 61440 ------w- c:\windows\SysWow64\SGAppBar.dll
2010-11-09 20:03 . 2010-05-05 18:26 49152 ------w- c:\windows\SysWow64\SGLogo32.dll
2010-11-09 20:03 . 2010-05-05 18:26 249856 ------w- c:\windows\SysWow64\SGCDlg32.dll
2010-11-09 20:03 . 2010-05-05 18:26 233472 ------w- c:\windows\SysWow64\SGLch32.dll
2010-11-09 20:03 . 2010-05-05 18:26 1724416 ------w- c:\windows\SysWow64\SGRep32.dll
2010-11-09 20:03 . 2010-05-05 18:26 143360 ------w- c:\windows\SysWow64\SGCtrlEx.dll
2010-11-09 20:03 . 2010-05-05 18:26 2110568 ------w- c:\windows\SysWow64\olch2x8.ocx
2010-11-09 20:03 . 2010-05-05 18:26 172032 ------w- c:\windows\SysWow64\SageEventHandler.exe
2010-11-09 20:03 . 2010-05-05 18:26 61440 ------w- c:\windows\SysWow64\SG3D32.dll
2010-11-09 20:03 . 2004-06-09 09:57 4165632 ------w- c:\windows\SysWow64\cdintf.dll
2010-11-09 20:03 . 2010-05-05 18:26 40960 ------w- c:\windows\SysWow64\RepDes32.exe
2010-11-09 20:03 . 2010-05-05 18:27 40960 ------w- c:\windows\SysWow64\EDllChecker.dll
2010-11-09 20:03 . 2010-05-05 18:26 36864 ------w- c:\windows\SysWow64\hyperLink.ocx
2010-11-09 20:03 . 2010-05-05 18:26 299008 ------w- c:\windows\SysWow64\HDSECompression.dll
2010-11-09 20:03 . 2010-05-05 18:26 1966080 ------w- c:\windows\SysWow64\cdintf251.dll
2010-11-09 20:03 . 2004-06-09 09:57 727715 ------w- c:\windows\SysWow64\acfpdfu.dll
2010-11-09 20:03 . 2004-06-09 09:57 509084 ------w- c:\windows\SysWow64\acfpdf.dll
2010-11-09 20:03 . 2004-06-09 09:57 411797 ------w- c:\windows\SysWow64\acfpdfui.dll
2010-11-09 20:03 . 2010-05-05 18:26 7680 ------w- c:\windows\SysWow64\SVNBAR32.DLL
2010-11-09 20:03 . 2010-05-05 18:26 438272 ------w- c:\windows\SysWow64\SdoEng70.dll
2010-11-09 20:03 . 2010-05-05 18:26 344064 ------w- c:\windows\SysWow64\SdoEng60.dll
2010-11-09 20:03 . 2010-05-05 18:26 342016 ------w- c:\windows\SysWow64\SVNCOM32.DLL
2010-11-09 20:03 . 2010-05-05 18:26 304640 ------w- c:\windows\SysWow64\SdoEng50.dll
2010-11-09 20:03 . 2010-05-05 18:26 227840 ------w- c:\windows\SysWow64\SdoEng.dll
2010-11-09 20:03 . 2010-05-05 18:26 172544 ------w- c:\windows\SysWow64\SVNFIL32.DLL
2010-11-09 20:03 . 2010-05-05 18:26 158208 ------w- c:\windows\SysWow64\SYSDLL32.DLL
2010-11-09 20:03 . 2010-05-05 18:26 11776 ------w- c:\windows\SysWow64\SVNCAT32.DLL
2010-11-09 20:03 . 2010-05-05 18:26 407312 ------w- c:\windows\SysWow64\msrepl35.dll
2010-11-09 20:03 . 2010-05-05 18:26 368912 ------w- c:\windows\SysWow64\vbar332.dll
2010-11-09 20:03 . 2010-05-05 18:26 24848 ------w- c:\windows\SysWow64\msjter35.dll
2010-11-09 20:03 . 2004-06-09 09:57 334640 ------w- c:\windows\SysWow64\acfpdf.drv
2010-11-09 20:03 . 2010-05-05 18:27 94208 ------w- c:\windows\SysWow64\MSSMO.dll
2010-11-09 20:03 . 2010-05-05 18:27 31744 ------w- c:\windows\SysWow64\SOAPISAP.dll
2010-11-09 20:03 . 2010-05-05 18:27 25088 ------w- c:\windows\SysWow64\WiSC10.dll
2010-11-09 20:03 . 2010-05-05 18:27 20480 ------w- c:\windows\SysWow64\XHSC10.dll
2010-11-09 20:03 . 2010-05-05 18:27 1060864 ------w- c:\windows\SysWow64\MFC71.dll
2010-11-09 20:03 . 2010-05-05 18:26 32256 ------w- c:\windows\SysWow64\_RegTLB.dll
2010-11-09 20:03 . 2010-05-05 18:26 252176 ------w- c:\windows\SysWow64\msrd2x35.dll
2010-11-09 20:03 . 2010-05-05 18:26 123664 ------w- c:\windows\SysWow64\MSJINT35.DLL
2010-11-09 20:03 . 2010-03-15 04:01 499712 ------w- c:\windows\SysWow64\msvcp71.dll
2010-11-09 20:03 . 2009-08-12 14:12 203976 ------w- c:\windows\SysWow64\RICHTX32.OCX
2010-11-09 20:03 . 2010-05-05 18:27 235520 ------w- c:\windows\SysWow64\MSSOAP1.dll
2010-11-09 20:03 . 2010-05-05 18:27 23552 ------w- c:\windows\SysWow64\MSSOAPR.dll
2010-11-09 20:03 . 2010-05-05 18:27 169984 ------w- c:\windows\SysWow64\HLSC10.dll
2010-11-05 12:22 . 2010-11-05 12:22 13824 ----a-w- c:\windows\SysWow64\SgELauncher.dll
2010-11-05 12:22 . 2010-11-05 12:22 13824 ----a-w- c:\windows\SysWow64\SgEData.dll
2010-10-19 10:41 . 2010-05-08 13:20 270720 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 12:36 . 2010-10-07 12:36 96544 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 12:36 . 2010-10-07 12:36 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-10-07 12:23 . 2010-10-07 12:23 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2010-10-07 12:23 . 2010-10-07 12:23 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2010-09-27 11:39 . 2010-09-27 11:39 110592 ----a-w- c:\windows\SysWow64\SageSantander.dll
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-09-22 23:36 . 2010-10-26 19:01 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 22:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 15:52 574096 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 15:52 574096 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 15:52 574096 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-15 39408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Google Update"="c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-05 136176]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2009-01-21 65536]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-25 151936]
R3 Normandy;Normandy SR2; [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 synusb64;eLicenser;c:\windows\system32\DRIVERS\synusb64.sys [2010-09-17 30352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2010-12-11 36384]
S1 aswSP;aswSP; [x]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-12-11 65736]
S1 RapportKE64;RapportKE64;c:\program files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-03 63472]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-03 56816]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2010-12-11 6746280]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-16 27536]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-27 83488]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-12-11 24024]
S3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-03 526320]
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-01 622624]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 20:16]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 20:16]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3849805104-749619427-1806466223-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 20:21]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3849805104-749619427-1806466223-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-06 20:21]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-12-03 15:53 967312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-12-03 15:53 967312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-12-03 15:53 967312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-07 16413288]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-IBP - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3849805104-749619427-1806466223-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="d:\\My Stuff\\FM Genie Scout 10\\History Points"
"LangDB"=""
"LastSaveGame"="c:\\Users\\Kevin\\Documents\\Sports Interactive\\Football Manager 2010\\games\\Brighton.fm"
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009dee
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="06-A560-EE2F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-21 21:18:34
ComboFix-quarantined-files.txt 2010-12-21 21:18

Pre-Run: 127,763,300,352 bytes free
Post-Run: 127,423,176,704 bytes free

- - End Of File - - 08E1AB39259551366D7A48F05E643253



