Google re-direct virus


This topic is locked
20 replies to this topic

#1 macbeth99 (Members, 10 posts)

Posted 15 December 2010 - 05:14 AM

My AVG failed to stop it, and can't see it.

Malware doesn't catch it.

I'm stuck !!! Help please.

DDS analysis ......


DDS (Ver_10-12-12.02) - NTFSx86
Run by Ian at 9:45:39.30 on 15/12/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3071.2119 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\explorer.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ian\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAA0ADcANwA3ADYANQAxADkALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0AKwAxAC0ARgA5AE0ANwBCACsANQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ian\appdata\roaming\mozilla\firefox\profiles\ridpxxh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.football-finances.org.uk/home/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c927cae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ian\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-10-2 73728]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-1-28 50176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]

=============== Created Last 30 ================

2010-12-12 22:18:55 -------- d-----w- c:\users\ian\appdata\roaming\AVG
2010-12-12 16:21:51 -------- d-----w- c:\users\ian\appdata\roaming\AVG10
2010-12-12 16:21:01 -------- d--h--w- c:\progra~2\Common Files
2010-12-12 16:20:22 -------- d-----w- c:\progra~2\AVG10
2010-12-12 16:03:00 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-12 16:02:59 -------- d-----w- c:\users\ian\appdata\local\temp
2010-12-12 15:35:46 -------- d-----w- c:\progra~2\MFAData
2010-12-07 08:49:04 0 ----a-w- c:\users\ian\appdata\local\Eyipogo.bin
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-25 20:08:23 -------- d-----w- c:\program files\TweetDeck
2010-11-19 14:42:54 -------- d-----w- c:\program files\iTunes
2010-11-19 14:42:54 -------- d-----w- c:\program files\iPod
2010-11-19 14:41:21 -------- d-----w- c:\program files\Bonjour
2010-11-16 22:33:38 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-11-16 22:33:38 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-11-16 22:33:38 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-16 22:33:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-16 22:33:38 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-11-16 22:33:13 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-16 22:33:13 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-16 22:32:37 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-11-16 22:31:34 -------- d-----w- c:\program files\Feedback Tool

==================== Find3M ====================

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-08 01:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-26 08:38:31 135168 ----a-w- c:\windows\AMCAP.EXE
2010-10-07 12:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 12:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 12:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 12:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 15:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-20 15:33:00 452421869 ----a-r- c:\program files\Horrid Henry.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_HD103UJ rev.1AA01117 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86A18446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86a1e504]; MOV EAX, [0x86a1e580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8303E458] -> \Device\Harddisk0\DR0[0x869F8218]
3 CLASSPNP[0x8B7B759E] -> ntkrnlpa!IofCallDriver[0x8303E458] -> [0x864D3918]
5 ACPI[0x838BB3B2] -> ntkrnlpa!IofCallDriver[0x8303E458] -> \IdeDeviceP0T0L0-0[0x85BC4610]
\Driver\atapi[0x869FEC20] -> IRP_MJ_CREATE -> 0x86A18446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HD103UJ_________________________1AA01117#5&291da68b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 1953525166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 9:46:19.77 ===============

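Two indicators in the log above are worth pulling out mechanically. In the Pseudo HJT section the browser proxy points at the loopback interface (`ProxyServer = http=127.0.0.1:6522`), so every HTTP request is relayed through some local process before it leaves the machine, which is exactly how search results get rewritten. In the ROOTKIT section GMER reports that the MBR read from user mode differs from the one the kernel reads, with a copy of the MBR found at sector 9. The script below is an added example by the editor, not code posted by macbeth99 or the Malware Response Team; it parses DDS/GMER output of the shape shown above and flags both indicators. The `SAMPLE_LOG` is constructed from a handful of lines modelled on that log, and the line formats are assumed from this log alone.

```python
"""Triage a DDS/GMER log for the redirect indicators discussed in this thread.

Added example (editor's code, not from the thread). It flags:
  * a WinINet ProxyServer entry pointing at the loopback interface, and
  * GMER's user-vs-kernel MBR mismatch / TDL4 warning.
The line formats are assumed from the DDS output posted above.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on (not copied in full from) the posted log.
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mURLSearchHooks: H - No File
user: MBR read successfully
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 1953525166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

# u = per-user (HKCU) hive, m = machine (HKLM) hive, as DDS prefixes them.
PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(\S+)", re.M)
MBR_COPY_RE = re.compile(r"copy of MBR has been found in sector (\d+)")


def parse_proxy_server(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) triples.

    Handles both forms Windows writes: "host:port" for all protocols and
    "http=host:port;https=host:port" per protocol. A missing port defaults
    to 80. IPv6 literals are expected in brackets ("[::1]:8118").
    """
    triples = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port present
            host, port = hostport, "80"
        triples.append((scheme or "*", host.strip("[]"), int(port)))
    return triples


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # hostname, not an IP literal
        return False


def triage(log_text: str) -> Dict[str, object]:
    """Return the redirect-relevant indicators found in a DDS/GMER log."""
    loopback = []
    for hive, value in PROXY_RE.findall(log_text):
        for scheme, host, port in parse_proxy_server(value):
            if is_loopback(host):
                loopback.append((hive, scheme, host, port))
    copy_match = MBR_COPY_RE.search(log_text)
    return {
        "loopback_proxies": loopback,
        "mbr_mismatch": "user != kernel MBR" in log_text,
        "mbr_copy_sector": int(copy_match.group(1)) if copy_match else None,
        "tdl4_warning": "TDL4 rootkit infection" in log_text,
    }


def verdict(findings: Dict[str, object]) -> List[str]:
    """Turn the findings into the notes a helper would post back."""
    notes = []
    for hive, scheme, host, port in findings["loopback_proxies"]:
        notes.append(f"{'HKCU' if hive == 'u' else 'HKLM'} proxy for {scheme} is "
                     f"{host}:{port}: browser traffic is relayed through a local "
                     f"process; identify which one owns that port")
    if findings["mbr_mismatch"]:
        sector = findings["mbr_copy_sector"]
        where = f"; MBR copy at sector {sector}" if sector is not None else ""
        notes.append("MBR seen from user mode differs from the kernel's view"
                     + where + ": boot-sector rootkit, clean the MBR first")
    if findings["tdl4_warning"] and not findings["mbr_mismatch"]:
        notes.append("GMER TDL4 warning without an MBR mismatch: re-run to confirm")
    return notes


if __name__ == "__main__":
    for line in verdict(triage(SAMPLE_LOG)):
        print("-", line)
```

To use it on a real case, read the saved DDS.txt (and the GMER log, if it is a separate file) and pass the text to `triage()`. A loopback proxy is not proof of infection on its own: some security products and debugging tools install one legitimately, so confirm which process is listening on the port (`netstat -ano` on the affected machine) before removing the setting. The MBR mismatch is the stronger signal, and it explains why file-based scanners such as AVG and Malwarebytes found nothing: the rootkit loads before the operating system and hides the modified sector from user-mode reads.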

#2 Casey_boy (Bleeping physicist, Malware Response Team, 7,765 posts, UK)

Posted 24 December 2010 - 07:46 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 macbeth99 (Topic Starter, Members, 10 posts)

Posted 26 December 2010 - 08:55 AM

The DDR said .....


DDS (Ver_10-12-12.02) - NTFSx86
Run by Ian at 23:34:50.50 on 25/12/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3071.2316 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ian\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAA0ADcANwA3ADYANQAxADkALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0AKwAxAC0ARgA5AE0ANwBCACsANQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ian\appdata\roaming\mozilla\firefox\profiles\ridpxxh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.football-finances.org.uk/home/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c927cae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ian\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-12-16 21728]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-12-16 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-10-2 73728]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2010-12-15 40960]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2010-12-16 278528]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-1-28 50176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-12-15 583680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-12-16 1484800]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-12-16 954368]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]

=============== Created Last 30 ================


The attach said ....


DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 26/11/2009 14:27:33
System Uptime: 25/12/2010 22:12:00 (1 hours ago)

Motherboard: Dell Inc. | | 0M017G
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2499/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 916 GiB total, 648.541 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.701 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 391.918 GiB free.
K: is FIXED (FAT32) - 231 GiB total, 153.204 GiB free.
L: is FIXED (FAT32) - 698 GiB total, 653.379 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Service: WUDFRd

Class GUID:
Description: WD SES Device USB Device
Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_2011\575845314137304536383731&1
Manufacturer:
Name: WD SES Device USB Device
PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_2011\575845314137304536383731&1
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Manufacturer: Generic-
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Service: WUDFRd

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom 802.11g Network Adapter
Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_100F1043&REV_02\4&C79E0F5&0&00F0
Manufacturer: Broadcom
Name: Broadcom 802.11g Network Adapter
PNP Device ID: PCI\VEN_14E4&DEV_4318&SUBSYS_100F1043&REV_02\4&C79E0F5&0&00F0
Service: BCM43XX

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Service: WUDFRd

==== System Restore Points ===================

RP111: 16/09/2010 21:10:56 - Scheduled Checkpoint
RP113: 16/09/2010 21:13:09 - Avg Update
RP114: 16/09/2010 23:42:37 - Windows Update
RP116: 23/09/2010 09:04:18 - Avg Update
RP118: 23/09/2010 09:05:45 - Avg Update
RP120: 25/09/2010 09:12:30 - Installed Connect Service
RP121: 29/09/2010 03:00:58 - Windows Update
RP123: 05/10/2010 09:33:35 - Avg Update
RP124: 07/10/2010 17:07:38 - Windows Update
RP125: 13/10/2010 00:55:15 - Removed OpenOffice.org 3.2
RP126: 13/10/2010 06:15:43 - Windows Update
RP127: 13/10/2010 23:24:02 - Windows Update
RP128: 21/10/2010 06:36:57 - Scheduled Checkpoint
RP130: 26/10/2010 09:38:03 - Avg Update
RP131: 27/10/2010 22:21:30 - Windows Update
RP132: 04/11/2010 00:29:49 - Scheduled Checkpoint
RP134: 10/11/2010 08:58:27 - Avg Update
RP136: 10/11/2010 08:59:23 - Avg Update
RP137: 10/11/2010 09:32:21 - Installed WinZip 15.0
RP138: 11/11/2010 17:14:24 - Windows Update
RP139: 12/11/2010 20:39:59 - Removed WinZip 15.0
RP141: 14/11/2010 11:43:22 - Avg Update
RP143: 14/11/2010 11:44:30 - Avg Update
RP144: 15/11/2010 03:01:16 - Windows Update
RP145: 16/11/2010 22:32:20 - Windows Update
RP146: 16/11/2010 22:33:00 - Windows Update
RP147: 16/11/2010 22:33:26 - Windows Update
RP148: 16/11/2010 22:33:49 - Windows Update
RP149: 16/11/2010 22:34:18 - Windows Update
RP150: 17/11/2010 12:52:51 - Removed Microsoft Silverlight
RP151: 17/11/2010 16:55:31 - Removed Microsoft Silverlight
RP152: 17/11/2010 16:56:31 - Removed Bonjour
RP154: 17/11/2010 16:57:30 - Removed TAS Basics
RP155: 17/11/2010 16:59:38 - Removed Google Earth.
RP156: 17/11/2010 17:01:36 - Removed Adobe Flash Player 9 ActiveX.
RP157: 17/11/2010 17:02:48 - Removed Citrix XenApp Web Plugin
RP158: 17/11/2010 17:04:38 - Removed WinZip 14.5
RP159: 18/11/2010 10:17:56 - Removed Windows Live Upload Tool
RP161: 24/11/2010 08:18:30 - Installed Connect Service
RP162: 24/11/2010 23:18:50 - Removed TweetDeck
RP164: 25/11/2010 12:15:31 - Avg Update
RP166: 25/11/2010 12:16:47 - Avg Update
RP167: 03/12/2010 00:19:05 - Scheduled Checkpoint
RP168: 10/12/2010 10:15:04 - Scheduled Checkpoint
RP169: 12/12/2010 14:20:57 - Removed AVG Free 9.0
RP170: 12/12/2010 14:28:13 - Installed AVG Free 9.0
RP171: 12/12/2010 16:19:44 - Installed AVG 2011
RP172: 12/12/2010 16:20:01 - Installed AVG 2011
RP173: 15/12/2010 14:39:55 - Installed REALTEK 11n USB Wireless LAN Driver and Utility
RP175: 16/12/2010 15:39:54 - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
RP176: 16/12/2010 15:41:00 - Device Driver Package Install: NETGEAR Inc. Network Protocol
RP177: 23/12/2010 16:51:52 - Scheduled Checkpoint

==== Installed Programs ======================

Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.5
Adobe Reader 9.4.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
Audacity 1.2.6
AVG 2011
AVG PC Tuneup 2011
BBC iPlayer Desktop
Big Reading Adventure
Bonjour
Camera RAW Plug-In for EPSON Creativity Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cobian Backup 9
Compatibility Pack for the 2007 Office system
Connect
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
DellSupport
Dorling Kindersley Application Database v1.4
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Printer Software
EPSON Scan Assistant
ESP1400_1410 User's Guide
Feedback Tool
FileZilla Client 3.3.5.1
HijackThis 2.0.2
Horrid Henry
iTunes
Java™ 6 Update 13
Junk Mail filter update
kuler
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.12)
MSVC80_x86
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA1100 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OVT Scanner X86
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
REALTEK Wireless LAN Driver and Utility
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sage e-Banking Core Components
Sage Protx VSP
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sky Songs MP3 Downloader
Spotify
Suite Shared Configuration CS4
SUPERAntiSpyware
TeamViewer 5
TweetDeck
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
WD Diagnostics
WD Drive Manager (x86)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Xobni
Xobni Core

==== Event Viewer Messages From Past Week ========

25/12/2010 20:57:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e3 (0x89913f20, 0x8b0f9a48, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122510-37424-01.
25/12/2010 10:40:30, Error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
25/12/2010 00:13:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25/12/2010 00:13:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25/12/2010 00:13:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/12/2010 00:13:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/12/2010 00:13:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/12/2010 00:13:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/12/2010 00:13:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache jswpslwf NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx VWiFiFlt Wanarpv6 WfpLwf
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/12/2010 00:13:23, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/12/2010 00:13:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8310e2f1, 0x8d59b750, 0x8d59b330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122510-30622-01.
24/12/2010 20:23:51, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
24/12/2010 15:26:32, Error: bowser [8003] - The master browser has received a server announcement from the computer BEN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{88C83A6A-AA1E-4D9A-A749-ED6867893E3. The master browser is stopping or an election is being forced.
24/12/2010 10:53:55, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
23/12/2010 15:53:59, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
23/12/2010 14:02:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e3 (0x85bb79c4, 0x8af61828, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122310-34913-01.
23/12/2010 12:57:17, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
22/12/2010 23:14:44, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
22/12/2010 23:14:43, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
22/12/2010 23:14:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x830b2784). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-46113-01.
22/12/2010 10:19:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830f62f1, 0x8d58b750, 0x8d58b330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-38813-01.
22/12/2010 10:06:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: moliheg
22/12/2010 10:06:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e3 (0x89d20950, 0x85ee4030, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-39171-01.
22/12/2010 09:36:01, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830c02f1, 0x8d59b750, 0x8d59b330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-31715-01.
22/12/2010 09:32:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830d32f1, 0x8d597750, 0x8d597330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-46628-01.
22/12/2010 09:10:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830d32f1, 0x8d58f750, 0x8d58f330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122210-26941-01.
21/12/2010 22:52:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830be2f1, 0x8d59b750, 0x8d59b330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122110-40841-01.
21/12/2010 07:18:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xa3f1bba8, 0x00000000, 0x86a1c793, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122110-36738-01.
19/12/2010 14:50:18, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/12/2010 13:48:42, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000074, 0x00000002, 0x00000001, 0x8308a784). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121910-41979-01.
18/12/2010 23:34:57, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830bb2f1, 0x8d58f750, 0x8d58f330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121810-33540-01.
18/12/2010 16:54:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830ff2f1, 0x8d58b750, 0x8d58b330). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121810-48188-01.

==== End Of File ===========================


The GMER just didn't want to play. It downloaded, opened, ran for a few seconds (about a screen's worth) and then crashed Windows. I redid the download and it crashed again.

I will try and screen dump what does work with the GMER

Thanks
Ian

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:46 AM

Posted 26 December 2010 - 11:10 AM

Hi Ian,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more. Thank you.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#5 macbeth99

macbeth99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:46 AM

Posted 26 December 2010 - 11:40 AM

2010/12/26 16:29:31.0721 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/26 16:29:31.0721 ================================================================================
2010/12/26 16:29:31.0721 SystemInfo:
2010/12/26 16:29:31.0721
2010/12/26 16:29:31.0721 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/26 16:29:31.0721 Product type: Workstation
2010/12/26 16:29:31.0721 ComputerName: IAN-PC
2010/12/26 16:29:31.0722 UserName: Ian
2010/12/26 16:29:31.0722 Windows directory: C:\Windows
2010/12/26 16:29:31.0722 System windows directory: C:\Windows
2010/12/26 16:29:31.0722 Processor architecture: Intel x86
2010/12/26 16:29:31.0722 Number of processors: 4
2010/12/26 16:29:31.0722 Page size: 0x1000
2010/12/26 16:29:31.0722 Boot type: Normal boot
2010/12/26 16:29:31.0722 ================================================================================
2010/12/26 16:29:41.0229 Initialize success
2010/12/26 16:29:48.0826 ================================================================================
2010/12/26 16:29:48.0826 Scan started
2010/12/26 16:29:48.0826 Mode: Manual;
2010/12/26 16:29:48.0826 ================================================================================
2010/12/26 16:29:52.0971 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/26 16:29:52.0994 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/26 16:29:53.0040 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/26 16:29:53.0062 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/26 16:29:53.0076 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/26 16:29:53.0097 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/26 16:29:53.0114 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/26 16:29:53.0160 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/26 16:29:53.0193 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/26 16:29:53.0226 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/26 16:29:53.0248 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/26 16:29:53.0267 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/26 16:29:53.0306 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/26 16:29:53.0332 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/26 16:29:53.0381 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/26 16:29:53.0404 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/26 16:29:53.0422 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/26 16:29:53.0452 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/26 16:29:53.0477 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/26 16:29:53.0516 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/26 16:29:53.0533 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/26 16:29:53.0559 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/26 16:29:53.0599 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
2010/12/26 16:29:53.0613 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/26 16:29:53.0629 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/26 16:29:53.0655 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/26 16:29:53.0685 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/26 16:29:53.0737 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/26 16:29:53.0767 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/26 16:29:53.0787 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/26 16:29:53.0809 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/26 16:29:53.0847 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/26 16:29:53.0888 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/26 16:29:53.0949 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\Windows\system32\Drivers\LUsbFilt.Sys
2010/12/26 16:29:53.0974 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/26 16:29:54.0002 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/26 16:29:54.0021 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/26 16:29:54.0042 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/26 16:29:54.0061 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/26 16:29:54.0074 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/26 16:29:54.0095 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/26 16:29:54.0117 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/26 16:29:54.0134 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/26 16:29:54.0163 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/26 16:29:54.0201 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/26 16:29:54.0226 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/26 16:29:54.0246 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/26 16:29:54.0266 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/26 16:29:54.0286 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/26 16:29:54.0321 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/26 16:29:54.0344 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/26 16:29:54.0364 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/26 16:29:54.0389 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/26 16:29:54.0418 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/26 16:29:54.0440 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/26 16:29:54.0460 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/26 16:29:54.0478 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/26 16:29:54.0503 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/26 16:29:54.0526 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/26 16:29:54.0549 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/26 16:29:54.0593 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/26 16:29:54.0635 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/26 16:29:54.0664 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/26 16:29:54.0689 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/26 16:29:54.0704 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/26 16:29:54.0732 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/26 16:29:54.0753 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/26 16:29:54.0767 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/26 16:29:54.0791 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/26 16:29:54.0856 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/26 16:29:54.0908 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
2010/12/26 16:29:54.0929 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
2010/12/26 16:29:54.0974 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys
2010/12/26 16:29:55.0005 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys
2010/12/26 16:29:55.0022 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/26 16:29:55.0047 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/26 16:29:55.0093 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/26 16:29:55.0125 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/26 16:29:55.0164 NVHDA (a82534d453425f5fee4b6a583fdcf3eb) C:\Windows\system32\drivers\nvhda32v.sys
2010/12/26 16:29:55.0354 nvlddmkm (73e8dc1e415439c0d01914992cde0f45) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/26 16:29:55.0472 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/26 16:29:55.0503 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/26 16:29:55.0519 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/26 16:29:55.0536 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/26 16:29:55.0556 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/26 16:29:55.0573 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/26 16:29:55.0595 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/26 16:29:55.0625 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/12/26 16:29:55.0644 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/26 16:29:55.0686 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/26 16:29:55.0708 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/26 16:29:55.0723 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/26 16:29:55.0752 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/26 16:29:55.0844 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/26 16:29:55.0882 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/26 16:29:55.0914 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/26 16:29:55.0936 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/26 16:29:55.0980 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/26 16:29:56.0018 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/26 16:29:56.0039 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/26 16:29:56.0055 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/26 16:29:56.0093 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/26 16:29:56.0117 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/26 16:29:56.0150 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/26 16:29:56.0172 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/26 16:29:56.0199 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/26 16:29:56.0222 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/26 16:29:56.0244 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/26 16:29:56.0268 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/26 16:29:56.0292 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/26 16:29:56.0312 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/26 16:29:56.0333 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/26 16:29:56.0397 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/26 16:29:56.0450 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/12/26 16:29:56.0504 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/26 16:29:56.0544 RTL8192su (83e64d86a4d888d973de824780567518) C:\Windows\system32\DRIVERS\RTL8192su.sys
2010/12/26 16:29:56.0663 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/26 16:29:56.0697 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/26 16:29:56.0747 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/26 16:29:56.0773 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/26 16:29:56.0819 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
2010/12/26 16:29:56.0850 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/26 16:29:56.0889 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/26 16:29:56.0906 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/26 16:29:56.0930 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/26 16:29:56.0974 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/26 16:29:56.0991 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/26 16:29:57.0006 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/26 16:29:57.0036 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/26 16:29:57.0060 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/26 16:29:57.0086 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/26 16:29:57.0110 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/26 16:29:57.0131 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/26 16:29:57.0168 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/26 16:29:57.0218 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/26 16:29:57.0258 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/26 16:29:57.0292 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/26 16:29:57.0319 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/26 16:29:57.0351 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/26 16:29:57.0429 TClass2k (1b3c28d36e669deeb39331255a3feeeb) C:\Windows\system32\DRIVERS\TClass2k.sys
2010/12/26 16:29:57.0486 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/26 16:29:57.0524 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/26 16:29:57.0553 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/26 16:29:57.0581 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/26 16:29:57.0598 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/26 16:29:57.0620 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/26 16:29:57.0646 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/26 16:29:57.0693 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/26 16:29:57.0719 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/26 16:29:57.0733 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/26 16:29:57.0767 UCTblHid (051aa2bb2bd20c55a8be41b10765b621) C:\Windows\system32\DRIVERS\UCTblHid.sys
2010/12/26 16:29:57.0789 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/26 16:29:57.0822 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/26 16:29:57.0836 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/26 16:29:57.0853 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/26 16:29:57.0919 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2010/12/26 16:29:57.0947 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/26 16:29:57.0972 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/26 16:29:57.0998 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/26 16:29:58.0020 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/26 16:29:58.0051 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/26 16:29:58.0074 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/26 16:29:58.0107 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/26 16:29:58.0147 usbser (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys
2010/12/26 16:29:58.0181 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/26 16:29:58.0203 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/26 16:29:58.0222 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/26 16:29:58.0244 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/26 16:29:58.0275 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/26 16:29:58.0289 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/26 16:29:58.0309 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/26 16:29:58.0332 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/26 16:29:58.0356 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/26 16:29:58.0376 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/26 16:29:58.0390 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/26 16:29:58.0419 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/26 16:29:58.0442 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/26 16:29:58.0468 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/26 16:29:58.0496 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/26 16:29:58.0534 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/26 16:29:58.0558 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/12/26 16:29:58.0584 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/26 16:29:58.0607 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/26 16:29:58.0618 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/26 16:29:58.0672 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/26 16:29:58.0702 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/26 16:29:58.0764 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/26 16:29:58.0803 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2010/12/26 16:29:58.0825 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/26 16:29:58.0900 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/12/26 16:29:58.0930 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/26 16:29:58.0969 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/26 16:29:59.0009 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/26 16:29:59.0041 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/26 16:29:59.0116 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/26 16:30:00.0663 ================================================================================
2010/12/26 16:30:00.0664 Scan finished
2010/12/26 16:30:00.0664 ================================================================================
2010/12/26 16:30:00.0675 Detected object count: 1
2010/12/26 16:30:17.0726 \HardDisk0 - will be cured after reboot
2010/12/26 16:30:17.0727 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/26 16:30:39.0920 Deinitialize success

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:46 AM

Posted 26 December 2010 - 12:00 PM

Please download MBRCheck by clicking here and save it to your desktop.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

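To show what a bootcode check of the kind requested above actually does, here is an added example (written for this page, not MBRCheck's source or output): it parses a 512-byte MBR, hashes the boot code region, compares the hash against an operator-supplied allowlist, and sanity-checks the partition table. The two sample MBRs, the placeholder boot code and the "known good" hash are constructed in the script and are not the real Windows 7 values; a genuine baseline would be taken from a clean image of the same Windows build. On a live system the sector would be read from \\.\PhysicalDrive0 with administrator rights, and a kernel-mode bootkit that hooks disk I/O can hand user-mode readers a clean copy, which is why rootkit scanners read the sector below the filter stack rather than through the normal path.

```python
"""Parse a 512-byte MBR and flag unknown boot code or a broken partition table."""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Set, Tuple

MBR_SIZE = 512
BOOTCODE_LEN = 0x1B8      # boot code occupies bytes 0x000..0x1B7 in the classic layout
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 0x1FE      # 2-byte boot signature 0x55 0xAA


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_code: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count - 1


@dataclass
class MbrReport:
    valid_boot_signature: bool
    disk_signature: int
    bootcode_md5: str
    bootcode_known: bool
    partitions: List[PartitionEntry] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)


def parse_partition_table(mbr: bytes) -> Tuple[List[PartitionEntry], List[str]]:
    """Decode the four entries (status, CHS, type, CHS, LBA start, count) and sanity-check them."""
    entries, findings = [], []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if count == 0:
            findings.append(f"partition {i}: zero-length partition")
        entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    if sum(e.bootable for e in entries) > 1:
        findings.append("more than one partition flagged bootable")
    for a in entries:
        for b in entries:
            if a.index < b.index and a.lba_start <= b.lba_end and b.lba_start <= a.lba_end:
                findings.append(f"partitions {a.index} and {b.index} overlap")
    return entries, findings


def check_mbr(mbr: bytes, known_bootcode_md5: Set[str]) -> MbrReport:
    """Hash the boot code, verify the 0x55AA signature and report anything unexpected."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    valid_sig = mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    md5 = hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()
    known = md5 in known_bootcode_md5
    parts, findings = parse_partition_table(mbr)
    if not valid_sig:
        findings.insert(0, "missing 0x55AA boot signature")
    if not known:
        findings.insert(0, f"unknown boot code (md5 {md5})")
    return MbrReport(valid_sig, disk_sig, md5, known, parts, findings)


# --- constructed sample data: placeholder boot code, NOT a real Windows MBR ---
def build_mbr(bootcode: bytes, disk_sig: int, partitions: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR from boot code, disk signature and (status, type, lba, count) tuples."""
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + i * PART_ENTRY_LEN, status, ptype, lba, count)
    buf[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(buf)


BASELINE_BOOTCODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * 32   # stand-in, constructed
SAMPLE_PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]  # constructed layout
SAMPLE_CLEAN = build_mbr(BASELINE_BOOTCODE, 0x1234ABCD, SAMPLE_PARTS)
# Allowlist holds the hash of the clean baseline's boot code region (operator-supplied in practice).
KNOWN_BOOTCODE_MD5 = {hashlib.md5(SAMPLE_CLEAN[:BOOTCODE_LEN]).hexdigest()}
# Tampered copy: the entry point is overwritten with a short jump, as a bootkit patch would do.
_t = bytearray(SAMPLE_CLEAN)
_t[:3] = b"\xEB\x3E\x90"
SAMPLE_TAMPERED = bytes(_t)

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        rep = check_mbr(sample, KNOWN_BOOTCODE_MD5)
        print(f"{label}: bootcode md5={rep.bootcode_md5} known={rep.bootcode_known}")
        for p in rep.partitions:
            print(f"  part {p.index}: boot={p.bootable} type=0x{p.type_code:02x} lba={p.lba_start} n={p.sector_count}")
        for f in rep.findings:
            print(f"  FINDING: {f}")
```

The hash is computed over the first 0x1B8 bytes only, so a disk signature or partition table edit does not by itself trip the boot code check; those are caught by the partition-table sanity checks instead. MD5 is used here because it matches the hashes such tools print, not because it is collision-resistant; a verifier comparing against a trusted baseline should prefer SHA-256.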

#7 macbeth99

macbeth99
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:46 AM

Posted 26 December 2010 - 12:05 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 540
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 165):
0x83051000 \SystemRoot\system32\ntkrnlpa.exe
0x8301A000 \SystemRoot\system32\halmacpi.dll
0x80BA1000 \SystemRoot\system32\kdcom.dll
0x83622000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8369A000 \SystemRoot\system32\PSHED.dll
0x836AB000 \SystemRoot\system32\BOOTVID.dll
0x836B3000 \SystemRoot\system32\CLFS.SYS
0x836F5000 \SystemRoot\system32\CI.dll
0x8B206000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B277000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B285000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B2CD000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B2D6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B2DE000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B308000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B313000 \SystemRoot\System32\drivers\partmgr.sys
0x8B324000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B334000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B37F000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8B386000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B394000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B3AA000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B3B1000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B3BA000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B3DD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x837A0000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B3E6000 \SystemRoot\system32\drivers\fileinfo.sys
0x837D4000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B403000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B532000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B55D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B570000 \SystemRoot\System32\Drivers\cng.sys
0x8B5CD000 \SystemRoot\System32\drivers\pcw.sys
0x8B5DB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B625000 \SystemRoot\system32\drivers\ndis.sys
0x8B6DC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B71A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B819000 \SystemRoot\System32\drivers\tcpip.sys
0x8B962000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B993000 \SystemRoot\system32\DRIVERS\scmndisp.sys
0x8B99C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B9DB000 \SystemRoot\System32\Drivers\spldr.sys
0x8B73F000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9E3000 \SystemRoot\System32\Drivers\mup.sys
0x8B9F3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B76C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B800000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B79E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B811000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8B7C3000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8B600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B5E4000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8B5F0000 \SystemRoot\System32\Drivers\Null.SYS
0x8B5F7000 \SystemRoot\System32\Drivers\Beep.SYS
0x837DE000 \SystemRoot\System32\drivers\vga.sys
0x83600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x837EA000 \SystemRoot\System32\drivers\watchdog.sys
0x8B3F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x837F7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90C3A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90C42000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90C4D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90C5B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90C72000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90C7D000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x90CC5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90CF7000 \SystemRoot\system32\drivers\afd.sys
0x90D51000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90D58000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90D77000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90D88000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
0x90D8D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90D9B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90DAE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90DBE000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x90DE0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90E21000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90E62000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90E6C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90E76000 \SystemRoot\System32\drivers\discache.sys
0x90E82000 \SystemRoot\System32\Drivers\dfsc.sys
0x90E9A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90EA8000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x90EE4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90F05000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9262B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92F99000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90F17000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92F9B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92FD4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92FF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91812000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9185D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9186C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91898000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x918DD000 \SystemRoot\system32\drivers\Afc.sys
0x918E5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x918EB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x918F8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9190A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91922000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9192D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9194F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91967000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9197E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91995000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x919A2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x919AF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x919B1000 \SystemRoot\system32\DRIVERS\ks.sys
0x919E5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91C2F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91C73000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91C84000 \SystemRoot\system32\drivers\nvhda32v.sys
0x91C97000 \SystemRoot\system32\drivers\portcls.sys
0x91CC6000 \SystemRoot\system32\drivers\drmk.sys
0x91CDF000 \SystemRoot\system32\drivers\HdAudio.sys
0x91D2F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x91D3A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91D3C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x91D53000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
0x91C00000 \SystemRoot\System32\drivers\vwifibus.sys
0x91C0A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91C21000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92600000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91DF9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x919F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91800000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82B70000 \SystemRoot\System32\win32k.sys
0x92613000 \SystemRoot\System32\drivers\Dxapi.sys
0x90FCE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9261D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x90FE4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90FF1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x82DD0000 \SystemRoot\System32\TSDDD.dll
0x90E00000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x90E09000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82A00000 \SystemRoot\System32\ATMFD.DLL
0x82A50000 \SystemRoot\System32\cdd.dll
0x90C00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8B7CC000 \SystemRoot\system32\drivers\luafv.sys
0x90DE6000 \SystemRoot\system32\drivers\WudfPf.sys
0x90C2A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C003000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9C049000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9C059000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C06C000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x9C075000 \SystemRoot\system32\drivers\HTTP.sys
0x9C0FA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C113000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C125000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C148000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C183000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C1B6000 \SystemRoot\System32\Drivers\adfs.SYS
0x9C1C7000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA0E16000 \SystemRoot\system32\drivers\peauth.sys
0xA0EAD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0EB7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA0ED8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0EE5000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0F34000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0F85000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xBA271000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77950000 \Windows\System32\ntdll.dll
0x47B20000 \Windows\System32\smss.exe
0x77B90000 \Windows\System32\apisetschema.dll

Processes (total 73):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
348 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
580 csrss.exe
692 C:\Windows\System32\wininit.exe
700 csrss.exe
740 C:\Windows\System32\services.exe
756 C:\Windows\System32\lsass.exe
764 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\winlogon.exe
920 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\nvvsvc.exe
1024 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1160 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\nvvsvc.exe
1708 C:\Windows\System32\spoolsv.exe
1744 C:\Windows\System32\svchost.exe
1836 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1860 C:\Windows\System32\AERTSrv.exe
1884 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1916 C:\Program Files\AVG\AVG10\avgwdsvc.exe
1940 C:\Program Files\Bonjour\mDNSResponder.exe
1976 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
2004 C:\Windows\System32\svchost.exe
124 C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
512 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
556 C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
648 C:\Windows\System32\svchost.exe
760 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
1444 C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
1676 C:\Program Files\Xobni\XobniService.exe
2076 C:\Program Files\Canon\CAL\CALMAIN.exe
2672 C:\Windows\System32\taskhost.exe
2864 C:\Windows\System32\dwm.exe
2888 C:\Windows\explorer.exe
3024 C:\Program Files\AVG\AVG10\avgnsx.exe
3040 C:\Program Files\AVG\AVG10\avgemcx.exe
3052 C:\Windows\System32\conhost.exe
3668 C:\Windows\System32\svchost.exe
3708 WUDFHost.exe
3984 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
3996 C:\Program Files\Cobian Backup 9\Cobian.exe
4040 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
684 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
1548 C:\Program Files\AVG\AVG10\avgtray.exe
2432 C:\Program Files\iTunes\iTunesHelper.exe
2708 C:\Program Files\Windows Sidebar\sidebar.exe
2924 C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
3356 C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
3520 C:\Windows\System32\taskeng.exe
1124 C:\Program Files\iPod\bin\iPodService.exe
4272 C:\Windows\System32\SearchIndexer.exe
4380 C:\Program Files\Windows Media Player\wmpnetwk.exe
4524 C:\Program Files\Cobian Backup 9\cbInterface.exe
4952 C:\Windows\System32\svchost.exe
5884 C:\Program Files\Mozilla Firefox\firefox.exe
6052 C:\Program Files\Mozilla Firefox\plugin-container.exe
3340 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
5304 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
1988 C:\Program Files\AVG\AVG10\avgcsrvx.exe
2788 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
5216 C:\Program Files\AVG\AVG10\avgcsrvx.exe
4432 C:\Windows\System32\SearchProtocolHost.exe
5476 C:\Windows\System32\SearchFilterHost.exe
5244 C:\Windows\System32\audiodg.exe
2592 C:\Users\Ian\Downloads\MBRCheck.exe
5672 C:\Windows\System32\conhost.exe
444 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c4f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)
\\.\J: --> \\.\PhysicalDrive6 at offset 0x00000000`00100000 (NTFS)
\\.\K: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (FAT32)
\\.\L: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01117
PhysicalDrive6 Model Number: WDMy Passport 071A, Rev: 2011
PhysicalDrive5 Model Number: SeagateExternal Drive, Rev:
PhysicalDrive7 Model Number: WDMy Book, Rev: 1028

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive6 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive5 RE: Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495
698 GB \\.\PhysicalDrive7 RE: Windows 98 MBR code detected
SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E


Done!

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:46 AM

Posted 26 December 2010 - 12:12 PM

The log confirms the MBR infection is taken care of by TDSSKiller. :thumbup2:

  • Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update your Java to the latest version (version 6 update 23).
    Please uninstall the following if Java didn't remove it automatically:

    Java
  • Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


#9 macbeth99

macbeth99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 26 December 2010 - 01:14 PM

I tried to upgrade Java, but it didn't like it. I uninstalled Java.

Now when I try and re-install I get a "The installer cannot proceed with the current Internet Connection settings" message. I close down Firefox and try and run it from the saved installer and the message is the same. Any suggestions welcome !!!

I have run the Malwarebytes, log below:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5398

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

26/12/2010 18:12:29
mbam-log-2010-12-26 (18-12-29).txt

Scan type: Quick scan
Objects scanned: 161116
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

-----


I've tried a few things to get rid of this. I don't know whether you are allowed to make suggestions, but Kaspersky found and fixed this. Would it have stopped it in the first place, or an even better question - should I be using it instead of AVG?

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:46 AM

Posted 26 December 2010 - 01:20 PM

I've tried a few things to get rid of this. I don't know whether you are allowed to make suggestions, but Kaspersky found and fixed this. Would it have stopped it in the first place, or an even better question - should I be using it instead of AVG?

Kaspersky is a much better antivirus than AVG. I don't recommend AVG anyway, even if you want to use a free antivirus. We'll come back to this later on.

Let's install Java first. Please run DDS and post just the DDS.txt, no need for the Attach.txt.

#11 macbeth99

macbeth99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 26 December 2010 - 01:25 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Ian at 18:24:01.83 on 26/12/2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3071.1626 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Ian\Downloads\dds(3).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMABLAE0AQwAtAEUAOQBWAFUAVwAtAEUAVwAwAFYAQQAtAFUAVQAzAFgATAAtAEYARQBXADkANwA"&"inst=NwA3AC0ANAA0ADcANwA3ADYANQAxADkALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0AKwAxAC0ARgA5AE0ANwBCACsANQAtAFgATwAzADYAKwAxAA"&"prod=90"&"ver=9.0.872
StartupFolder: c:\users\ian\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ian\appdata\roaming\mozilla\firefox\profiles\ridpxxh7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.football-finances.org.uk/home/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c927cae&v=6.010.006.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ian\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2010-12-16 21728]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2010-12-16 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-10-2 73728]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Realtek11nSU;Realtek11nSU;c:\program files\realtek\11n usb wireless lan utility\RtlService.exe [2010-12-15 40960]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2010-12-16 278528]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2010-1-28 50176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-12-15 583680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-12-16 1484800]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-12-16 954368]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-1-12 185640]

=============== Created Last 30 ================

2010-12-21 22:06:54 -------- d-----w- c:\users\ian\windows
2010-12-19 14:51:37 -------- d-----w- c:\program files\iPod
2010-12-19 14:51:36 -------- d-----w- c:\program files\iTunes
2010-12-18 15:39:12 -------- d-----w- c:\users\ian\appdata\roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2010-12-18 15:38:05 -------- d-----w- c:\program files\BBC iPlayer Desktop
2010-12-16 15:40:18 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2010-12-16 15:40:18 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2010-12-16 15:40:18 1484800 ----a-w- c:\windows\system32\drivers\athur.sys
2010-12-16 15:40:11 -------- d-----w- c:\program files\NETGEAR
2010-12-16 15:39:10 -------- d-----w- C:\temp
2010-12-15 14:41:01 -------- d-----w- c:\program files\Cisco
2010-12-15 14:40:21 583680 ----a-r- c:\windows\system32\drivers\rtl8192su.sys
2010-12-15 14:40:20 614400 ------r- c:\windows\Rtlihvs.dll
2010-12-15 14:40:20 380928 ------r- c:\windows\RtlUI2.exe
2010-12-15 14:40:20 188416 ------r- c:\windows\RTLExtUI.dll
2010-12-15 14:40:19 614400 ------r- c:\windows\system32\Rtlihvs.dll
2010-12-15 14:40:18 380928 ------r- c:\windows\system32\RtlUI2.exe
2010-12-15 14:40:18 188416 ------r- c:\windows\system32\RTLExtUI.dll
2010-12-15 14:40:12 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2010-12-12 22:18:55 -------- d-----w- c:\users\ian\appdata\roaming\AVG
2010-12-12 16:21:51 -------- d-----w- c:\users\ian\appdata\roaming\AVG10
2010-12-12 16:21:01 -------- d--h--w- c:\progra~2\Common Files
2010-12-12 16:20:22 -------- d-----w- c:\progra~2\AVG10
2010-12-12 16:03:00 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-12 16:02:59 -------- d-----w- c:\users\ian\appdata\local\temp
2010-12-12 15:35:46 -------- d-----w- c:\progra~2\MFAData
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-08 01:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-26 08:38:31 135168 ----a-w- c:\windows\AMCAP.EXE
2010-10-07 12:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 12:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 12:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 12:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 15:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-20 15:33:00 452421869 ----a-r- c:\program files\Horrid Henry.exe

============= FINISH: 18:24:33.54 ===============

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:46 AM

Posted 26 December 2010 - 01:52 PM

Make sure you run the batch file as administrator. Also please do all the steps fully.

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    @ECHO OFF
    REM Remove the per-user WinINET proxy values the DDS log showed (ProxyServer = http=127.0.0.1:59274)
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    REM Clear the machine-wide WinHTTP proxy. proxycfg.exe only ships with Windows XP/2003;
    REM on Vista and Windows 7 the equivalent command is "netsh winhttp reset proxy".
    proxycfg -d
    netsh winhttp reset proxy
    REM Delete this batch file once it has run
    del %0
    

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: fix.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate fix.bat on the desktop. It should look like this: [image]
    • Right-click to run it as administrator.
    • A window flashes, this is normal.
  • Check and if needed reset the Privacy and Security Options to default:
    • Open Internet explorer > Tools menu > Internet options.
    • Under privacy tab press default.
    • Under security tab press default.
    • Under Advanced tab press Restore advanced settings.
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "JDK 6 Update 23 (JDK or JRE)".
    • Click the "Download JRE" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • Please let me know how it went.
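
An added example, not part of Farbar's instructions: a PowerShell script that checks the same per-user proxy values fix.bat deletes, flags them only when they point at the loopback address the DDS log showed (http=127.0.0.1:59274), and removes them on request. The `-Fix` switch and the function names are my own; it assumes Windows Vista or later (netsh winhttp in place of the XP-era proxycfg) and an elevated prompt for the reset.

```powershell
# Added example, not from the thread: audit the WinINET proxy values that DDS reported as
# "uInternet Settings,ProxyServer = http=127.0.0.1:59274" and, only with -Fix, remove them
# the way fix.bat does. Assumes Windows Vista or later (netsh winhttp instead of proxycfg)
# and, for -Fix, a PowerShell window started as administrator.
[CmdletBinding()]
param([switch]$Fix)

# Per-user WinINET settings, the same key fix.bat edits (variable name is my own).
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-SuspiciousProxy {
    # Returns $true when a ProxyServer string routes any protocol through the loopback
    # interface, e.g. "http=127.0.0.1:59274" or "127.0.0.1:8080". A home browser normally
    # has no reason to proxy through localhost, which is the tell-tale in the DDS log.
    param([string]$ProxyServer)
    if ([string]::IsNullOrWhiteSpace($ProxyServer)) { return $false }
    return [bool]($ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)')
}

function Get-ProxyState {
    # Collect the user proxy values and the machine-wide WinHTTP proxy in one object.
    $p = Get-ItemProperty -Path $InetKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable = $p.ProxyEnable
        ProxyServer = $p.ProxyServer
        WinHttp     = ((netsh winhttp show proxy) -join ' ').Trim()
    }
}

$state = Get-ProxyState
$state | Format-List

$userBad    = Test-SuspiciousProxy $state.ProxyServer
# netsh prints "Proxy Server(s) : host:port", so a plain substring match is enough here.
$winhttpBad = [bool]($state.WinHttp -match '127\.0\.0\.1|localhost')

if (-not $userBad -and -not $winhttpBad) {
    Write-Host 'No loopback proxy configured.'
    return
}
if ($userBad)    { Write-Warning "User proxy points at loopback: $($state.ProxyServer)" }
if ($winhttpBad) { Write-Warning "WinHTTP proxy points at loopback: $($state.WinHttp)" }

if ($Fix) {
    # Same two deletions fix.bat performs, then the Vista+ equivalent of "proxycfg -d".
    Remove-ItemProperty -Path $InetKey -Name ProxyEnable -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $InetKey -Name ProxyServer -ErrorAction SilentlyContinue
    netsh winhttp reset proxy | Out-Null
    Write-Host 'Proxy values removed; restart the browser and re-run without -Fix to confirm.'
} else {
    Write-Host 'Re-run with -Fix from an elevated prompt to remove them.'
}
```

Run it once without `-Fix` to see what is set; a loopback entry that comes back after removal means the process writing it is still running and the log needs another look.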


#13 macbeth99

macbeth99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 26 December 2010 - 07:02 PM

Everything looks okay. Java installed :thumbsup:

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:46 AM

Posted 26 December 2010 - 07:31 PM

Well done. :thumbup2:

Now let's get back to the antivirus protection. Are you planning to have paid antivirus protection, or do you want a free antivirus other than AVG? In both cases I can recommend you the appropriate software.

#15 macbeth99

macbeth99
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 27 December 2010 - 09:31 AM

Thanks for the fixes !!!

I have survived the last 4 or 5 years, till now, on AVG. Before that I was a McAfee person, but it was big and slow and seemed unnecessary. Clearly AVG let me down. While it was working I was happy to have a free one.

Ideally I would love a free one that is the best one. However what I really want is one that works best, and means I don't have to waste your time. If that means paying I am happy to do so.

I think what I'm saying in a roundabout sort of way is tell me the best options :thumbsup:



